Help!


  • This topic is locked
13 replies to this topic

#1 SEspider

Posted 20 February 2007 - 02:04 AM

Hello everyone. I stumbled upon this site when I did a search on InetGet2. Followed this link. I tried it and it WORKED!!! THANK YOU SO MUCH!!!
Unfortunately I'm still having problems. Pop Ups (to ZEDO and other sites), slow computer, and forums (threads, comments, and new images) are not refreshing at all. And I was supposed to start work helping at 360style.net on Monday!!! The last problem is the most frustrating. I've tried restoring to an earlier Date, but I KEEP getting the "Can Not Restore To..." message. I've tried going all the way back to AUGUST 2006!! NOTHING WORKS!!

PLEASE HELP!!!

Below are images of my "Add/Remove Programs," and my "System Restore."
Below that is my Log from HiJackThis

Don't take it personally if I don't reply soon to thank you. As I said, something is interacting with Forums and sites. Don't worry. I've done a number of tests and there don't seem to be any viruses or anything encoded with the images below. But to be safe, don't save them. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 1:12:11 AM, on 2/20/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchosts.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\{B8259167-018E-1033-0722-989805250001}\Update.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 005618565118
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\system32\durvilz.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [{B8259167-018E-1033-0722-989805250001}] "C:\Program Files\Common Files\{B8259167-018E-1033-0722-989805250001}\Update.exe" te-110-12-0000213
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1002230798640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1002230783659
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


#2 RichieUK

Posted 20 February 2007 - 04:41 AM

Welcome SEspider :thumbsup:

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Post the DrWeb.csv report and a new Hijackthis log into your next reply please.
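The DrWeb.csv report requested above is a semicolon-separated list (object;folder;threat;action;), as the report posted later in this thread shows. The following triage script is an added example, not part of the original posts and not a Dr.Web tool; the function names and sample rows are constructed for illustration. It counts outcomes and lists detections with no recorded action, skipping archive members whose container file was itself moved or deleted.

```python
import csv
import io
import ntpath
from collections import Counter, defaultdict

# Constructed sample in the layout object;folder;threat;action;
# (file names, paths and threat names here are made up for the example).
SAMPLE_REPORT = """\
example_a.exe;C:\\WINDOWS\\system32;Trojan.Example;Deleted.;
example_b.dll;C:\\Program Files\\Example;Adware.Sample;Incurable.Moved.;
bundle.exe\\data001;C:\\Temp\\bundle.exe;Adware.Sample;;
bundle.exe;C:\\Temp;Archive contains infected objects;Moved.;
example_c.exe;C:\\RECYCLER\\S-1-5-18\\Dc1;Adware.Sample;;
example_d.exe;C:\\System Volume Information\\_restore{GUID}\\RP1;Trojan.Example;Deleted.;
this line is not a report row
"""


def parse_report(text):
    """Return (rows, skipped_line_numbers) for a semicolon-delimited report."""
    rows, skipped = [], []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for fields in reader:
        if not any(f.strip() for f in fields):
            continue  # blank line
        if len(fields) < 4:
            skipped.append(reader.line_num)  # not object;folder;threat;action
            continue
        obj, folder, threat, action = (f.strip() for f in fields[:4])
        rows.append({"object": obj, "folder": folder,
                     "threat": threat, "action": action})
    return rows, skipped


def status(action):
    """Collapse the action column into removed / quarantined / no_action."""
    a = action.lower()
    if not a:
        return "no_action"
    if "deleted" in a:
        return "removed"
    if "moved" in a:
        return "quarantined"
    return "other"


def location(folder):
    """Rough location class, so leftovers in inert stores stand out from live ones."""
    f = folder.lower()
    if "\\recycler" in f or "\\recycled" in f:
        return "recycle_bin"
    if "\\system volume information\\_restore" in f:
        return "system_restore"
    if "\\temp" in f or "temporary internet files" in f:
        return "temp"
    return "live"


def unresolved(rows):
    """Rows with no action, excluding members of a container that was handled."""
    handled = {ntpath.join(r["folder"], r["object"]).lower()
               for r in rows if status(r["action"]) in ("removed", "quarantined")}
    pending = []
    for r in rows:
        if status(r["action"]) != "no_action":
            continue
        if r["folder"].lower() in handled:
            continue  # e.g. bundle.exe\data001 inside a moved bundle.exe
        pending.append(r)
    return pending


def summarize(text):
    rows, skipped = parse_report(text)
    pending = defaultdict(list)
    for r in unresolved(rows):
        pending[location(r["folder"])].append(ntpath.join(r["folder"], r["object"]))
    return {
        "rows": len(rows),
        "skipped_lines": skipped,
        "by_status": dict(Counter(status(r["action"]) for r in rows)),
        "pending": dict(pending),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    print(result["by_status"])
    for where, paths in result["pending"].items():
        print(where, *paths, sep="\n  ")
```
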

#3 SEspider

Posted 23 February 2007 - 06:31 AM

Thanks Much, RichieUK

I did as you said and the logs are below. Unfortunately I STILL get pop ups (so far not from ZEDO) and the sites STILL don't Refresh Automatically like they should. I keep having to hit F5 to see the new Info, Images and Posts. Even the Advertisements are locked!! This is more frustrating than the pop-ups.
Anyway, The Dr.Web CureIt Scan stopped early at 142202 of 178052. Gave the message "Scanning interrupted by user! - viruses found." No idea why it stopped. I was nowhere near the computer at the time. I was at the other end of the room drawing at the time. When the scan stopped, I went through and "Move incurable." But there were a LOT of Adwares with no icons and no action made to them. About half provided a Green Dot for editing but had no icons. I let them alone since they were not mentioned in the instructions you gave. I didn't want to risk screwing something up. :thumbsup:
Thanks for your help. I BADLY need it.

On to the Logs!!
-------------------
Dr.Web CureIt

netmon.exe;c:\program files\network monitor;Trojan.DnsChange;Deleted.;
drivera.dll;c:\windows\system32;Trojan.Durvil;Deleted.;
svchosts.exe;c:\windows\system32;Adware.Macfa;Incurable.Deleted.;
131392_1752_1220_2080_73.41.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
180sainstallersca.exe;C:\Documents and Settings\Administrator\Local Settings\Temp;Trojan.MulDrop.2972;Deleted.;
262316_828_656_2224_73.41.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
60001.exe;C:\Documents and Settings\Administrator\Local Settings\Temp;Trojan.DownLoader.4536;Deleted.;
cmdinst.exe;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.IESearch;Incurable.Moved.;
f7111766.exe;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.Nexus;Incurable.Moved.;
f7119737.exe\data001;C:\Documents and Settings\Administrator\Local Settings\Temp\f7119737.exe;Adware.Nexus;;
f7119737.exe\data002;C:\Documents and Settings\Administrator\Local Settings\Temp\f7119737.exe;Adware.Nexus;;
f7119737.exe;C:\Documents and Settings\Administrator\Local Settings\Temp;Archive contains infected objects;Moved.;
f7351460.exe;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.Nexus;Incurable.Moved.;
i5.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.Surfside;Incurable.Moved.;
installer216.exe;C:\Documents and Settings\Administrator\Local Settings\Temp;Trojan.DownLoader.4387;Deleted.;
jfghjfgudk.exe;C:\Documents and Settings\Administrator\Local Settings\Temp;Trojan.Swizzor;Deleted.;
k_16A2.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
k_3096.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
k_315A.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
k_3D7C.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
k_4116.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
k_5364.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
k_8DEA.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
k_D030.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
k_E316.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
k_EC3B.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
k_F3FF.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
MediaAccessInstPack.exe;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.Winad;Incurable.Moved.;
NNCLXA638.EXE;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.NewDotNet;Incurable.Moved.;
pcs_0002.exe;C:\Documents and Settings\Administrator\Local Settings\Temp;Trojan.DownLoader.2432;Deleted.;
ptf_0002.exe;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.PaciMedia;Incurable.Moved.;
res12.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.nCase;Incurable.Moved.;
res412.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Adware.nCase;Incurable.Moved.;
SSK3_B5 Seedcorn 4.exe;C:\Documents and Settings\Administrator\Local Settings\Temp;Trojan.MulDrop.2321;Deleted.;
mm[2].js;C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\MHRF9F22;Adware.Chikita;Incurable.Moved.;
rcverlib[1].exe;C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8X270TMZ;Adware.Nexus;Incurable.Moved.;
knnp.exe;C:\Documents and Settings\All Users\Start Menu\Programs\Startup;Adware.Nexus;Incurable.Moved.;
!update.exe;C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp;Trojan.PurityAd;Deleted.;
1168401578gmoBa.exe;C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp;Trojan.DownLoader.17526;Deleted.;
cmdinst.exe;C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp;Trojan.Proxy.493;Incurable.Moved.;
ze.exe;C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp;Adware.Macfa;Incurable.Moved.;
~ds39990.tmp;C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp;Trojan.Durvil;Deleted.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
MiniBugTransporter.dll;C:\Program Files\AWS\WeatherBug;Adware.Aws;Incurable.Moved.;
mc-58-12-0000119.exe;C:\Program Files\Common Files;Trojan.DownLoader.4473;Incurable.Moved.;
Yazzle1122OinAdmin.exe\data001;C:\Program Files\Common Files\Yazzle1122OinAdmin.exe;Adware.ClickSpring;;
Yazzle1122OinAdmin.exe;C:\Program Files\Common Files;Archive contains infected objects;Moved.;
imiia.exe;C:\Program Files\Common Files\imii;Trojan.DownLoader.5289;Deleted.;
imiil.exe;C:\Program Files\Common Files\imii;Adware.TargetServer;Incurable.Moved.;
imiim.exe;C:\Program Files\Common Files\imii;Adware.TargetServer;Incurable.Moved.;
imiip.exe;C:\Program Files\Common Files\imii;Adware.TargetServer;Incurable.Moved.;
imiic.dll;C:\Program Files\Common Files\imii\imiid;Adware.TargetServer;Incurable.Moved.;
mc-58-12-0000119.exe;C:\Program Files\Common Files\Windows;Trojan.Maxi;Incurable.Moved.;
services32.exe;C:\Program Files\Common Files\Windows;Trojan.DownLoader.3926;Deleted.;
system.dll;C:\Program Files\Common Files\{B8259167-018D-1033-0722-989805250001};Adware.Macfa;Incurable.Moved.;
Update.exe;C:\Program Files\Common Files\{B8259167-018D-1033-0722-989805250001};Adware.Macfa;Incurable.Moved.;
system.dll;C:\Program Files\Common Files\{B8259167-018E-1033-0722-989805250001};Adware.Macfa;Incurable.Moved.;
Update.exe;C:\Program Files\Common Files\{B8259167-018E-1033-0722-989805250001};Adware.Macfa;Incurable.Moved.;
Catcher.dll;C:\Program Files\DNS;Adware.Catcher;Incurable.Moved.;
cwebpage.dll;C:\Program Files\DNS;Adware.Maxifiles;Incurable.Moved.;
ace.dll;C:\Program Files\Mysdaz;Adware.Apropos;Incurable.Moved.;
atl.dll;C:\Program Files\Mysdaz;Adware.Apropos;Incurable.Moved.;
dskhupnp.exe;C:\Program Files\Mysdaz;Adware.Apropos;Incurable.Moved.;
ipnquoui.exe;C:\Program Files\Mysdaz;Adware.Apropos;Incurable.Moved.;
WinGenerics.dll;C:\Program Files\Mysdaz;Adware.Apropos;Incurable.Moved.;
plugin.dll;C:\Program Files\System Files;Adware.Casclient;Incurable.Moved.;
Dc422.exe;C:\Recycled;Trojan.MulDrop.2785;Deleted.;
Dc429.exe;C:\Recycled;Adware.PaciMedia;;
MediaAccC.dll;C:\Recycled\Dc419;Adware.Winad;;
MediaAccess.exe;C:\Recycled\Dc419;Adware.Winad;;
MediaAccK.exe;C:\Recycled\Dc419;Adware.Winad;;
nxuggpk.exe;C:\Recycled\Dc420;Trojan.DownLoader.4504;Deleted.;
nt_hide73.dll;C:\Recycled\Dc421;Trojan.Elitehide;Deleted.;
pokapoka73.exe;C:\Recycled\Dc421;Trojan.MulDrop.2767;Deleted.;
system.dll;C:\RECYCLER\S-1-5-18\Dc1;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc1;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc10;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc10;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc11;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc11;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc12;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc12;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc13;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc13;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc14;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc14;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc15;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc15;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc16;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc16;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc17;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc17;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc18;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc18;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc19;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc19;Adware.Macfa;;
SPAM!;C:\RECYCLER\S-1-5-18\Dc2;Adware.Macfa;;
SPAM!!.exe;C:\RECYCLER\S-1-5-18\Dc2;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc20;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc20;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc21;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc21;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc22;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc22;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc23;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc23;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc24;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc24;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc25;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc25;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc26;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc26;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc27;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc27;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc28;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc28;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc29;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc29;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc3;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc3;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc30;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc30;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc31;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc31;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc32;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc32;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc33;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc33;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc34;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc34;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc35;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc35;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc36;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc36;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc37;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc37;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc38;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc38;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc39;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc39;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc4;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc4;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc40;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc40;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc41;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc41;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc42;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc42;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc43;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc43;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc44;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc44;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc45;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc45;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc46;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc46;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc47;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc47;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc48;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc48;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc49;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc49;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc5;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc5;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc50;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc50;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc51;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc51;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc6;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc6;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc7;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc7;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc8;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc8;Adware.Macfa;;
system.dll;C:\RECYCLER\S-1-5-18\Dc9;Adware.Macfa;;
Update.exe;C:\RECYCLER\S-1-5-18\Dc9;Adware.Macfa;;
A0034888.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Trojan.Durvil;Deleted.;
A0034889.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Trojan.Durvil;Deleted.;
A0034890.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Trojan.Durvil;Deleted.;
A0034898.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Trojan.Durvil;Deleted.;
A0034899.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Trojan.Durvil;Deleted.;
A0034902.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Trojan.Durvil;Deleted.;
A0034921.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Trojan.Durvil;Deleted.;
A0034922.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Trojan.Durvil;Deleted.;
A0034928.dll;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Adware.Maxifiles;Incurable.Moved.;
A0034929.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Adware.Maxifiles;Incurable.Moved.;
A0034957.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Trojan.Durvil;Deleted.;
A0034958.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Trojan.Durvil;Deleted.;
A0034960.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP215;Trojan.Durvil;Deleted.;
A0034962.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP216;Trojan.Durvil;Deleted.;
A0035961.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP216;Trojan.Durvil;Deleted.;
A0035962.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP216;Trojan.Durvil;Deleted.;
A0035985.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP217;Trojan.Durvil;Deleted.;
A0035986.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP217;Trojan.Durvil;Deleted.;
A0035990.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP217;Trojan.Durvil;Deleted.;
A0038010.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP217;Trojan.Durvil;Deleted.;
A0038011.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP217;Trojan.Durvil;Deleted.;
A0038014.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP217;Trojan.Durvil;Deleted.;
A0039012.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP218;Trojan.Durvil;Deleted.;
A0039013.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP218;Trojan.Durvil;Deleted.;
A0039016.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP218;Trojan.Durvil;Deleted.;
A0039038.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP219;Trojan.Durvil;Deleted.;
A0039039.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP219;Trojan.Durvil;Deleted.;
A0039040.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP219;Trojan.Durvil;Deleted.;
A0040047.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP219;Trojan.Durvil;Deleted.;
A0040048.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP219;Trojan.Durvil;Deleted.;
A0040057.dll;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP219;Adware.Maxifiles;Incurable.Moved.;
A0040058.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP219;Adware.Maxifiles;Incurable.Moved.;
A0040108.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP221;Trojan.Durvil;Deleted.;
A0040109.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP221;Trojan.Durvil;Deleted.;
A0040135.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP221;Trojan.Durvil;Deleted.;
A0040136.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP221;Trojan.Durvil;Deleted.;
A0040138.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP221;Trojan.Durvil;Deleted.;
A0040170.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP223;Trojan.Durvil;Deleted.;
A0040171.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP223;Trojan.Durvil;Deleted.;
A0041176.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP224;Trojan.Durvil;Deleted.;
A0041177.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP224;Trojan.Durvil;Deleted.;
A0041196.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP225;Trojan.Durvil;Deleted.;
A0041197.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP225;Trojan.Durvil;Deleted.;
A0041232.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP226;Trojan.Durvil;Deleted.;
A0041233.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP226;Trojan.Durvil;Deleted.;
A0041237.dll;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP226;Adware.Macfa;Incurable.Moved.;
A0041238.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP226;Adware.Macfa;Incurable.Moved.;
A0041246.dll;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP227;Adware.Macfa;Incurable.Moved.;
A0041247.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP227;Adware.Macfa;Incurable.Moved.;
A0041255.dll;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP228;Adware.Macfa;Incurable.Moved.;
A0041256.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP228;Adware.Macfa;Incurable.Moved.;
A0041262.dll;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP229;Adware.Macfa;Incurable.Moved.;
A0041263.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP229;Adware.Macfa;Incurable.Moved.;
A0041273.dll;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP229;Trojan.Proxy.493;Deleted.;
A0041274.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP229;Trojan.Proxy.493;Deleted.;
A0041277.dll;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP229;Adware.Maxifiles;Incurable.Moved.;
A0041278.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP229;Adware.Maxifiles;Incurable.Moved.;
A0041311.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP229;Trojan.Durvil;Deleted.;
A0041312.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP229;Trojan.Durvil;Deleted.;
A0041353.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.Durvil;Deleted.;
A0041354.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.Durvil;Deleted.;
A0041355.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.Durvil;Deleted.;
A0041364.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.DnsChange;Deleted.;
A0041365.dll;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.Durvil;Deleted.;
A0041366.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Adware.Macfa;Incurable.Moved.;
A0041367.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.MulDrop.2972;Deleted.;
A0041368.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.DownLoader.4536;Deleted.;
A0041369.exe\data001;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041369.exe;Adware.Nexus;;
A0041369.exe\data002;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041369.exe;Adware.Nexus;;
A0041369.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Archive contains infected objects;Moved.;
A0041370.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.DownLoader.4387;Deleted.;
A0041371.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.Swizzor;Deleted.;
A0041372.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.DownLoader.2432;Deleted.;
A0041373.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.MulDrop.2321;Deleted.;
A0041374.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.DownLoader.4473;Incurable.Moved.;
A0041375.exe\data001;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041375.exe;Adware.ClickSpring;;
A0041375.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Archive contains infected objects;Moved.;
A0041376.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.DownLoader.5289;Deleted.;
A0041377.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.Maxi;Incurable.Moved.;
A0041378.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.DownLoader.3926;Deleted.;
A0041379.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.MulDrop.2785;Deleted.;
A0041380.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.DownLoader.4504;Deleted.;
A0041381.dll;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.Elitehide;Deleted.;
A0041382.exe;C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231;Trojan.MulDrop.2767;Deleted.;
monterreya_unknown.exe;C:\WINDOWS;Trojan.Durvil;Deleted.;
NDNuninstall6_38.exe;C:\WINDOWS;Adware.NewDotNet;Incurable.Moved.;
NDNuninstall6_90.exe;C:\WINDOWS;Adware.NewDotNet;Incurable.Moved.;
drivera.exe;C:\WINDOWS\system32;Trojan.Durvil;Deleted.;
druidy_redux.exe;C:\WINDOWS\system32;Trojan.Durvil;Deleted.;
druidz_unknown.exe;C:\WINDOWS\system32;Trojan.Durvil;Deleted.;
durvily.dll;C:\WINDOWS\system32;Trojan.Durvil;Deleted.;
durvily.exe;C:\WINDOWS\system32;Trojan.Durvil;Deleted.;
durvilz.exe;C:\WINDOWS\system32;Trojan.Durvil;Deleted.;
lsasss.exe;C:\WINDOWS\system32;Trojan.DownLoader.17526;Deleted.;
monterreya_unknown.exe;C:\WINDOWS\system32;Trojan.Durvil;Deleted.;
regapi.exe;C:\WINDOWS\system32;Trojan.DownLoader.18340;Deleted.;
~ds39990.tmp;C:\WINDOWS\Temp;Trojan.Durvil;Deleted.;

------------------------------------------------
HiJackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 5:51:39 AM, on 2/23/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 005618565118
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\system32\durvilz.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1002230798640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1002230783659
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)


#4 RichieUK

Posted 23 February 2007 - 07:51 AM

Ok, please do the following:
Click on Start>Run, type msconfig then press Ok.
Under the Startup tab, place a check in ALL the boxes, press Apply/Ok.
Reboot when prompted.
Post a new Hijackthis log into your next reply.

#5 SEspider

Posted 23 February 2007 - 10:31 AM

This popped up. It's the only error message I got.
Posted Image

Just a side note. I don't want all of those programs (14) to load at Start Up.

It may be Sat. before I get to try any other advice you post. I celebrate my B-day today and will not be on the PC. ^_^

---------------


Logfile of HijackThis v1.99.1
Scan saved at 10:23:52 AM, on 2/23/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Common Files\AOL\1162197751\ee\AOLSoftware.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 005618565118
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\system32\durvilz.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [{B8259167-018E-1033-0722-989805250001}] "C:\Program Files\Common Files\{B8259167-018E-1033-0722-989805250001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [{B8259167-018D-1033-0722-989805250001}] "C:\Program Files\Common Files\{B8259167-018D-1033-0722-989805250001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162197751\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Rswp] "C:\WINDOWS\WNSXS~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Lvjrplna] C:\WINDOWS\?ppPatch\?vchost.exe
O4 - HKCU\..\Run: [imii] C:\PROGRA~1\COMMON~1\imii\imiim.exe
O4 - HKCU\..\Run: [iimi] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1002230798640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1002230783659
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

#6 RichieUK

Posted 23 February 2007 - 10:51 AM

Download/install AVG Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_441a944.exe
Update its definitions and run a full system virus scan.

****************************

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop, then copy and paste the contents of the results file Report.txt into your next reply, along with a new Hijackthis log please.

#7 SEspider

Posted 23 February 2007 - 10:39 PM



SDFix: Version 1.68

Run by SEspider - Fri 02/23/2007 @ 21:28:53.97

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages

Path:
"C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213

COM+ Messages Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\abc.exe - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Program Files\Common Files\services.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\InterActual\InterActual Player\iti3.tmp

Add/Remove Programs List:

AC3Filter (remove only)
Adobe ActiveShare 1.3.1
Adobe Photoshop CS2
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AVG 7.5
DirectVobSub (remove only)
ffdshow (remove only)
HijackThis 1.99.1
HP PrecisionScan LTX
QuickTime
iTunes
InterActual Player
Knoll Light Factory 2 Photoshop
Lexmark 510 Series
Intel RSX 3D
Adobe Flash Player 9 ActiveX
TSA
Terminal Services Web Client
WinRAR archiver
XBOX
Outerinfo
Adobe Photoshop CS2
J2SE Runtime Environment 5.0 Update 5
Microsoft DirectX 9.0 SDK Update (October 2005)
Windows Live Sign-in Assistant
QuickTime
Windows Live Messenger
Adobe Stock Photos 1.0
iTunes
Adobe Common File Installer
Network Monitor
Adobe Bridge 1.0
Halo Themes
Camera Driver
Adobe Help Center 1.0

Finished


------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:35:38 PM, on 2/23/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\AOL\1162197751\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 005618565118
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\system32\durvilz.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [{B8259167-018E-1033-0722-989805250001}] "C:\Program Files\Common Files\{B8259167-018E-1033-0722-989805250001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [{B8259167-018D-1033-0722-989805250001}] "C:\Program Files\Common Files\{B8259167-018D-1033-0722-989805250001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162197751\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Rswp] "C:\WINDOWS\WNSXS~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Lvjrplna] C:\WINDOWS\?ppPatch\?vchost.exe
O4 - HKCU\..\Run: [imii] C:\PROGRA~1\COMMON~1\imii\imiim.exe
O4 - HKCU\..\Run: [iimi] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1002230798640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1002230783659
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

#8 RichieUK

Posted 23 February 2007 - 11:04 PM

First go to Add or Remove Programs and remove/uninstall Outerinfo, then reboot.

*******************************

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
Network Monitor
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button.
Then change the 'Startup Type:' to 'Disabled'.
Now press Apply and then Ok and close any open windows.

*******************************

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*****************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 005618565118
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\system32\durvilz.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [{B8259167-018E-1033-0722-989805250001}] "C:\Program Files\Common Files\{B8259167-018E-1033-0722-989805250001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [{B8259167-018D-1033-0722-989805250001}] "C:\Program Files\Common Files\{B8259167-018D-1033-0722-989805250001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Rswp] "C:\WINDOWS\WNSXS~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Lvjrplna] C:\WINDOWS\?ppPatch\?vchost.exe
O4 - HKCU\..\Run: [imii] C:\PROGRA~1\COMMON~1\imii\imiim.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)


Find and delete if present:
C:\WINDOWS\system32\durvilz.dll
C:\WINDOWS\system32\drivera.dll
C:\Program Files\Common Files\{B8259167-018E-1033-0722-989805250001}
C:\Program Files\Common Files\{B8259167-018D-1033-0722-989805250001}
C:\Program Files\WhenUSearch
C:\Program Files\NEWDOTNET or NEWNET.
C:\Program Files\Ipwindows
C:\Program Files\Save
C:\WINDOWS\WNSXS~1 <- File or Folder with the name beginning with WNSXS
C:\Program Files\Common Files\imii

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.
Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply.
Please don't post any more images/screenshots, it's just confusing the issue, thanks.
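The entry-by-entry review of a HijackThis log that this thread works through can be sketched as code. This is an added example, not part of any post here and not how HijackThis or the helper works: the rules, the `CORE` reference table and every function name are assumptions made for illustration, and the sample lines are copied from the logs posted above.

```python
import re

# Core Windows XP process names and the folder each normally lives in.
# Assumed reference table for this example, lower-cased for comparison.
CORE = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # "O4 - ...", "R1 - ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)\b', re.IGNORECASE)


def one_edit_apart(a, b):
    """True if a and b differ by exactly one insert, delete or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # a is now the shorter string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one substituted character
    return a[i:] == b[i + 1:]            # one extra character in b


def check_path(path):
    """Return heuristic flags for one file path."""
    flags = []
    folder, _, name = path.lower().rpartition("\\")
    # '?' is not legal in a Windows file name, so in a log it stands for
    # a character that could not be rendered.
    if "?" in path:
        flags.append("unrenderable-char-in-path")
    if name in CORE:
        if folder != CORE[name]:
            flags.append("core-name-outside-usual-dir")
    else:
        for core in CORE:
            if one_edit_apart(name, core):
                flags.append("lookalike-of-" + core)
    return flags


def triage_line(line):
    """Parse one log entry; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    flags = []
    if "(file missing)" in body or "(no file)" in body:
        flags.append("target-missing")
    if section == "O2" and "(no name)" in body:
        flags.append("unnamed-bho")
    pm = PATH_RE.search(body)
    path = pm.group(0) if pm else None
    if path:
        flags.extend(check_path(path))
    return {"section": section, "path": path, "flags": flags}


def triage(lines):
    """Return only the entries that raised at least one flag."""
    results = [triage_line(line) for line in lines]
    return [r for r in results if r and r["flags"]]


# Sample entries copied from the HijackThis logs in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe",
    r"O4 - HKCU\..\Run: [Lvjrplna] C:\WINDOWS\?ppPatch\?vchost.exe",
    r'O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213 (file missing)',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe",
    r"O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE",
]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["section"], entry["path"], entry["flags"])
```

A flag only marks an entry for a closer look; it is worth cross-checking flagged paths against the antivirus scan results before anything is fixed or deleted.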

#9 SEspider

Posted 25 February 2007 - 04:52 AM

Logfile of HijackThis v1.99.1
Scan saved at 4:33:15 AM, on 2/25/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iimi] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1002230798640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1002230783659
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

=================================

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:14:45 AM 2/25/2007

+ Scan result:



C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\res12.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\res412.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041402.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\plugin.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Program Files\System Files\System.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041418.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\cmdinst.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\131392_1752_1220_2080_73.41.tmp -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\262316_828_656_2224_73.41.tmp -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\Advtg.exe -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\System Icons -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\System Icons\14.ico -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\System Icons\16.ico -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\System Icons\18.ico -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0034928.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0034929.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0040057.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0040058.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0041277.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0041278.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0041377.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\Catcher.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\cwebpage.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\mc-58-12-0000110.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\Common Files\services.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041411.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041412.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041478.dll/Catcher.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041478.dll/cwebpage.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041477.exe -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\cmdinst0.exe -> Adware.MDH : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041393.exe -> Adware.MDH : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\NNCLXA638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041397.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041419.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041420.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\ptf_0002.exe -> Adware.Pacer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041398.exe -> Adware.Pacer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041481.exe -> Adware.Pacer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0041237.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0041238.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0041246.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0041247.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0041255.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0041256.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0041262.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0041263.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\Update_0.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\system_0.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\b116.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\b122.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc10\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc10\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc11\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc11\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc12\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc12\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc13\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc13\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc14\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc14\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc15\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc15\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc16\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc16\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc17\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc17\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc18\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc18\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc19\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc19\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc20\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc20\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc21\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc21\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc22\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc22\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc23\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc23\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc24\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc24\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc25\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc25\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc26\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc26\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc27\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc27\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc28\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc28\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc29\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc29\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc2\SPAM! -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc2\SPAM!!.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc30\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc30\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc31\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc31\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc32\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc32\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc33\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc33\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc34\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc34\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc35\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc35\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc36\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc36\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc37\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc37\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc38\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc38\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc39\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc39\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc3\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc3\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc40\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc40\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc41\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc41\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc42\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc42\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc43\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc43\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc44\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc44\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc45\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc45\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc46\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc46\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc47\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc47\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc48\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc48\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc49\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc49\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc4\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc4\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc50\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc50\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc51\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc51\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc5\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc5\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc6\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc6\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc7\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc7\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc8\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc8\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc9\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc9\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041407.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041408.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041409.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041410.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\i5.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\imiic.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041406.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\MediaAccessInstPack.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Recycled\Dc419\MediaAccC.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Recycled\Dc419\MediaAccK.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Recycled\Dc419\MediaAccess.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041396.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041465.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041478.dll/gui.exe -> Downloader.Agent.rv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041479.exe -> Downloader.Agent.rv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041467.exe -> Downloader.PurityScan.dy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041476.exe -> Downloader.PurityScan.dy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041468.exe -> Downloader.Qoologic.ac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041470.exe -> Downloader.Qoologic.ac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041466.exe -> Downloader.Qoologic.ad : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041469.exe -> Downloader.Qoologic.ad : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\A0041374.exe -> Downloader.Small.bqq : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\DoctorWeb\Quarantine\mc-58-12-0000119.exe -> Downloader.Small.bqq : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041480.dll -> Downloader.Small.cal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041473.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1659004503-1935655697-1708537768-1003\Dc170\imiid\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041472.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\b103.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041471.exe -> Downloader.TSUpdate.p : Cleaned with backup (quarantined).
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@beachcamera.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@microsoftgamestudio.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@msninvite.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@torstardigital.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ad.admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@ads15.bpath[1].txt -> TrackingCookie.Bpath : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@ads.guardian.co[1].txt -> TrackingCookie.Co : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyuodzckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@e-2dj6wfkyupcjelp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@e-2dj6wjny-1kazkb.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-idgentertainment.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@ehg-alt64.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@ehg-digg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@ehg-foxmovies.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@ehg-globalgamingleague.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@ehg-youtube.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@w129.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@sec1.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\Cookies\sespider@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Cookies\sespider@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\SEspider.GALAXY-12FJ916C\Local Settings\Temp\~ds39990.tmp -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041383.exe -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041391.exe -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041791.dll -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivera.exe -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\WINDOWS\system32\monterreya_unkno

#10 RichieUK


Posted 25 February 2007 - 07:49 AM

Go to Control Panel > Add\Remove Programs and remove the following if listed, then reboot:
InetGet2

************************

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKCU\..\Run: [iimi] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
Exit Hijackthis.

************************

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Find and delete if present:
C:\Program Files\InetGet2
Reboot normally.

************************

Your log is clean :thumbsup:
If all's ok, please do the following:

Revert these settings back to default:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

You should now go to Windows Update and install any available critical/high priority updates.

Read through the info found here, to help you prevent any possible future infections.
How did I get infected?
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
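
Added example, not part of RichieUK's post or of any tool named in this thread: a short Python triage of scan-report lines in the `path -> detection : action` layout posted earlier, separating tracking cookies from malware detections and listing which System Restore snapshots (`RPnnn`) held detected files, the case the restore-point purge above deals with. The sample lines are abridged from that layout with a placeholder user name, and all function and field names are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the report's "path -> detection : action" layout
# (abridged; "user" is a placeholder profile name). The last line is cut off
# on purpose, the way a pasted forum log can be truncated.
SAMPLE_REPORT = r"""
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\user\Local Settings\Temp\~ds39990.tmp -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP231\A0041383.exe -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8E9DC7BE-753C-4CED-B551-03F8622E0156}\RP232\A0041791.dll -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivera.exe -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\WINDOWS\system32\monterreya_unkno
"""

# Windows XP keeps snapshot copies under _restore{GUID}\RPnnn\.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I
)


@dataclass
class Finding:
    path: str
    detection: str
    action: str
    restore_point: Optional[str]  # e.g. "RP231", or None for a live file


def parse_line(line: str) -> Optional[Finding]:
    """Parse one report line; return None if it is truncated or malformed."""
    if " -> " not in line:
        return None
    # Split from the right so an arrow inside a path cannot shift the fields.
    path, rest = line.rsplit(" -> ", 1)
    if " : " not in rest:
        return None
    detection, action = rest.split(" : ", 1)
    match = RESTORE_RE.search(path)
    return Finding(
        path=path,
        detection=detection.strip(),
        action=action.strip().rstrip("."),
        restore_point=match.group(1) if match else None,
    )


def triage(report: str) -> dict:
    """Summarise a scan report: cookies vs. malware, and where the malware sat."""
    cookies = Counter()
    malware = []
    unparsed = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        finding = parse_line(line)
        if finding is None:
            unparsed.append(line)  # keep for manual review, never drop silently
        elif finding.detection.startswith("TrackingCookie."):
            cookies[finding.detection] += 1
        else:
            malware.append(finding)
    return {
        "cookie_count": sum(cookies.values()),
        "malware_by_family": Counter(f.detection for f in malware),
        # Snapshots that held detected files: restoring to one of these would
        # reintroduce whatever was not cleaned out of it.
        "restore_points": sorted({f.restore_point for f in malware if f.restore_point}),
        # Detections outside System Restore, i.e. files on the live system.
        "live_paths": [f.path for f in malware if f.restore_point is None],
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```
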

#11 SEspider


Posted 25 February 2007 - 09:02 AM

First off, RichieUK, THANK YOU!!!! You've been a HUGE help over the last 4 days.

:thumbsup: :flowers: :huh: :huh: :huh: :huh: :huh: :o :)

We'd all be completely doomed if it weren't for pros like yourself helping the dumb :), like us.

I'll do all you command in your last post. I just have one quick question.
- What is TSA? Saw it in my Add/Remove Program Files but it has no size listing nor info on it.
I clicked to remove it just to see what it is, and it only gives the option to uninstall the UNINSTALL. Thought it was a bit weird. C:\WINDOWS\system32\tsuninst.exe
It's still there because I don't know what it is.

Well. I'm off to finish what you said. Once again, Thank You Very Much.
If there's Anything you want drawn (other than racist, or porn related), just say the word. Consider it my Thank You for your help and time. ^_^

-Richard
http://sespider.deviantart.com


=================================
Logfile of HijackThis v1.99.1
Scan saved at 8:43:47 AM, on 2/25/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1002230798640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1002230783659
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

#12 RichieUK


Posted 25 February 2007 - 09:14 AM

I clicked to remove it just to see what it is, and it only gives the option to uninstall the UNINSTALL.
Thought it was a bit weird. C:\WINDOWS\system32\tsuninst.exe
It's still there because I don't know what it is.


****************************
Ok, uninstall TSA via Add\Remove, then reboot.

Information on [TSA] Adware.TargetSaver:
http://www.symantec.com/security_response/...-121515-0757-99

Once you've uninstalled TSA and rebooted you'll be good to go :thumbsup:

#13 SEspider


Posted 25 February 2007 - 05:07 PM

Once again. Thank You Much! :thumbsup:

As I said in my last post, if you want anything drawn (for free), let me know

#14 RichieUK


Posted 25 February 2007 - 05:37 PM

You're most welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter.
Everyone else please begin a New Topic.