PDA

View Full Version : professional help please



danger3s
2006-01-22, 23:56
i dont know exactly how this works, but ill give a try.so anyone can help me with the computer?been having popups and sometimes computer turned off by itself then windows notified later after rstart that "u have just recovered from serious error"
help

Logfile of HijackThis v1.99.1
Scan saved at 9:43:02 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?.home=ytie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129579460828
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\Program Files\Aluria Security Center\ascserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Unknown owner - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE (file missing)
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Unknown owner - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS (file missing)

:bigthumb:

illukka
2006-01-26, 22:10
hi

can you post a freh hjt log for me

also can you do the following:
Please create a list of programs that can be removed using Add/Remove Programs
Start HiJackThis
Press 'Config'
Press 'Misc Tools'
Press 'Open Uninstall Manager'
Press 'Save List'
Save the log to a convenient location
Copy the log and post its contents in this thread


sorry for the delay and thank you for your patience :)

danger3s
2006-01-27, 03:54
Logfile of HijackThis v1.99.1
Scan saved at 1:49:57 AM, on 1/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?.home=ytie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129579460828
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\Program Files\Aluria Security Center\ascserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Unknown owner - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE (file missing)
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Unknown owner - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS (file missing)







and here is the uninstall list

Acer eManager for Notebook
Acer eNetManagement
Acer ePowerManagement
Acer GridVista
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.5
Aluria Security Center
Arcade 3.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoCAD Mechanical 2006
Autodesk DWF Viewer
ccCommon
Guitar Pro 4 Demo
HijackThis 1.99.1
Intel(R) PROSet/Wireless Software
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 6
Konfabulator
KTP Ware PS/2-WDM 5.0.1.2
Launch Manager
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Flash Player
Macromedia Flash Player 8
mCore
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Office Professional Edition 2003
mMHouse
Mozilla Firefox (1.5)
mPfMgr
mProSafe
mWlsSafe
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton WMI Update
NTI Backup NOW! 4
NTI CD & DVD-Maker
PowerProducer
RealPlayer
Realtek AC'97 Audio
RecordPad Sound Recorder Uninstall
Registry Mechanic 5.1
Right Click Image Converter
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
SMSC IrCC V5.1.3600.5 SP2
SoftV90 Data Fax Modem with SmartCP
Sony USB Driver
SPBBC
Spybot - Search & Destroy 1.4
Switch Uninstall
Symantec
Symantec Script Blocking Installer
SymNet
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
WavePad Uninstall
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger with BT Communicator
Yahoo! Toolbar

thx for the concern, really need the attention. :bigthumb:

illukka
2006-01-27, 11:04
hi


you have uninstalled sophos antivirus ?
there seems to be some leftovers, and possibly it didnt uninstall properly

lets do a rootkit check:

Download and Save Blacklight (http://www.f-secure.com/blacklight/try.shtml) to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

danger3s
2006-01-27, 15:44
file is sooooooooooo long
cant attached and copying paste not allowed. can i email to you?
it has 67650000 something characters, and maximum characters is 20000. i have to post like thousand of new reply if i were to separate them.:thud:

illukka
2006-01-27, 17:59
ok you can email it to me as attachment
illukkaATusermaildotcom
replace AT with @ and dot with . ;)

danger3s
2006-01-27, 22:39
i hope the email has got through. sent it just now. :)

illukka
2006-01-27, 23:01
yup
i am downloading it now..( 5 MB log..) :eek:


bad news: you have a rootkit infection :(

good news: its cleanable :D
even better news: a great spyware expert, swandog46, has written an automatic removal tool for it


You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder


good luck :bigthumb:

danger3s
2006-01-27, 23:32
Logfile of HijackThis v1.99.1
Scan saved at 9:29:22 PM, on 1/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?.home=ytie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129579460828
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\Program Files\Aluria Security Center\ascserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Unknown owner - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE (file missing)
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Unknown owner - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS (file missing)





along with log


Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\Administrator\Desktop\aproposfix

************



Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CoVWmABEYf83]
@="QO7HPANWXXWXXYXk.zH6OOWXXWmZX2sxny2.XOUOPAIdcX9NERANOX89BI7EKOYOUO"
"Device"="\\\\.\\ASPlass"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\cdfmbios.sys"
"DriverName"="usblter"
"HideUninstallerName"="C:\\Program Files\\Miclayer\\msikbdpl.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\oddrv42a.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{52E4936F-CB3E-42B4-B9C6-B0128D469E32}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\slbstmib.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X8fa68ec-b00f-6f60-44ec-9c8453490e9e}"
"PageFiltering"=dword:00000001
"CrMnTmt"=dword:0036ee80

************

Removing hidden service:
Service usblter removed.

Removing hidden folder:
Deletion of folder Miclayer succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\cdfmbios.sys succeeded!
Deletion of file C:\WINDOWS\system32\msipvacm.exe succeeded!
Deletion of file C:\WINDOWS\system32\slbstmib.dll succeeded!
Deletion of file C:\WINDOWS\system32\oddrv42a.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CoVWmABEYf83]
[-HKEY_LOCAL_MACHINE\Software\CoVWmABEYf83]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{52E4936F-CB3E-42B4-B9C6-B0128D469E32}]

Done!

Finished!





my text: is there anything named Computer Language? they should teach it in school! :P

illukka
2006-01-27, 23:37
hi

great work there :bigthumb:




now lets try to get rid of the sophos entries there:

click start=>run => type into the box services.msc and hit enter

locate the following services:
SweepNe
SWEEPSRV.SYS
once found, doubleclick it, then set its startup type to disabled
do this to both

reboot


Please download ewido security suite (http://www.ewido.net/en/download/) it is a free version of the program.
Install ewido security suite
When installing, under "Additional Options" uncheck..
Install background guard
Install scan via context menu

Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates (http://www.ewido.net/en/download/updates/)

Once the updates are installed do the following:

reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.


then launch ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

reboot back to normal mode, post the ewido report and a log from a fresh hjt scan

danger3s
2006-01-28, 00:36
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:22:24 PM, 1/27/2006
+ Report-Checksum: 6D03A122

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@e-2dj6wgkiumczmho.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@e-2dj6wjkygodpagq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@hotlog[1].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@a.tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@e-2dj6wjl4sncjoep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@e-2dj6wfkigodpoco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@data4.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@e-2dj6wjmiahazmfo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@e-2dj6wfkoqmajigp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@e-2dj6wfloekdzghq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@e-2dj6wfkyujdpcco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@e-2dj6wjnysjczgkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@cz7.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@sel.as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@qantasairways.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@casinotropez[1].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@msnservices.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@fuck-access[1].txt -> Spyware.Cookie.Fuck-access : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@stats.adbrite[2].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.16:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.19:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
-> : Error during cleaning
:mozilla.36:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.38:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.40:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.43:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.47:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.50:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
-> : Error during cleaning
:mozilla.52:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.53:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.62:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.63:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.64:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.68:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
-> : Error during cleaning
:mozilla.73:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.82:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.83:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.96:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.97:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.98:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.99:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.100:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.101:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
-> : Error during cleaning
:mozilla.105:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.106:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.107:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.109:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.114:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.115:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.142:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.157:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.174:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.175:C:\Documents and Settings\user\Application

danger3s
2006-01-28, 00:37
Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.181:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.182:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.183:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.184:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.185:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.186:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.187:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.188:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.189:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.190:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
-> : Error during cleaning
:mozilla.192:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.193:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.194:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.198:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.199:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.206:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.207:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.208:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.209:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.210:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.211:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.212:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.213:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.214:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.215:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.216:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.217:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.218:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.219:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.220:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.221:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.222:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.236:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.249:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.295:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.317:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.325:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.326:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.327:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.395:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.396:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.406:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.415:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.420:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.421:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.443:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.450:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.464:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.466:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.467:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.468:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.469:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.470:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.471:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.472:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.499:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.500:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.501:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.502:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.503:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.504:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.505:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.506:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.507:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.509:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.562:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.563:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.564:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.597:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.620:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.652:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.653:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.658:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.659:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.660:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.661:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.662:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.663:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.668:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.673:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.674:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.675:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.676:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.678:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.679:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lr1wd4x6.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DIHOMNKB\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@msnservices.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@hotlog[1].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-oreilly.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt ->

danger3s
2006-01-28, 00:37
Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ucish3nn.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ucish3nn.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ucish3nn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\mer safe\Cookies\mer safe@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\mer safe\Cookies\mer safe@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\mer safe\Cookies\mer safe@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\mer safe\Cookies\mer safe@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\mer safe\Cookies\mer safe@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\mer safe\Cookies\mer safe@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\mer safe\Cookies\mer safe@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\mer safe\Cookies\mer safe@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\mer safe\Cookies\mer safe@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\mer safe\Cookies\mer safe@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\mer safe\Cookies\mer safe@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\mer safe\Cookies\mer safe@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.12:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.21:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt ->
Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.54:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.56:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.61:C:\Documents and Settings\mer safe\Application Data\Mozilla\Firefox\Profiles\r0h64pm8.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E.tmp -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37B.tmp -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37C.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23E.tmp -> Spyware.Cookie.7search : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq240.tmp -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq241.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq243.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq244.tmp -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq245.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq247.tmp -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq248.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24A.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24B.tmp -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24C.tmp -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C7.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C8.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C9.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3CA.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq69.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44A.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44C.tmp -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq450.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq454.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C5.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C0.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE3.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCD.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4AD.tmp -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4AE.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2.tmp -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq68.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq74.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7D.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\171FF12E-37BD-4D12-9CFE-5AEDB9\1C36E16A-141A-4746-B73B-066B4F -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\910B89D5-FB46-4176-A859-2F21C1\D78C1E50-0435-4C21-808D-AFDC8F -> Spyware.PowerScan : Cleaned with backup
C:\System Volume Information\_restore{5E68835F-0FE7-47EF-A5AA-04BFBAABE3E5}\RP2\A0000006.dll -> Adware.Winfixer : Cleaned with backup


::Report End

danger3s
2006-01-28, 00:38
Logfile of HijackThis v1.99.1
Scan saved at 10:29:03 PM, on 1/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?.home=ytie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129579460828
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\Program Files\Aluria Security Center\ascserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

danger3s
2006-01-28, 01:15
i have also posted the ewido log to your e-mail, just in case if the ewido log not so clear here.

illukka
2006-01-28, 09:32
hi

thanks
looks good by the way :bigthumb:


log looks clean, ewido cleaned a whole lot
are you still having problems?
errors? popups? is your anti virus finding things?

about your av, is it fully functional and up to date ?

danger3s
2006-01-28, 14:01
comp is good. less popup best to say, cos sometimes still got it out of nowhere. avg not working anymore, try to find the program files, but doesnt exist anymore:P anyhow, it's major change to comp speed and internet. what's next?

illukka
2006-01-28, 14:53
hi
does a scan with blacklight produce any results ?

illukka
2006-01-28, 18:57
hi

ive been in contact with the developer of aproposfix about this problem

we would need the backups.zip that aproposfix makes into the folder wher its extracted and run
(C:\aproposfix\aproposfix\backups\backups.zip)
also the files service.reg and fix.reg are needed ( in the same folder ) C:\aproposfix\aproposfix\backups

how large are those files?
could you possibly email these files

danger3s
2006-01-28, 22:02
hi

blacklight return no result. do u think i should reinstall avg? i look forward protecting my computer so that i dont have to go through this all over again. the aproposfix backup files already sent to your e-mail.
anyway, lotsa thanks

illukka
2006-01-28, 22:31
hi

a reinstall of avg might be worth trying, if you can succesfully do it


so far i havent received anything.. my mail provider(usermail ) always blocks messages with suspicious attachments, such as executables unless encrypted

if you get a bounce, or virus/suspicious attachment warning from the mail you sent go to
http://www.thespykiller.co.uk/forum/index.php?board=1.0
to upload the files there

press new topic, put a link to here into the message, then attach the files to your message ( just browse to the files, press attach)
then hit the post button

anyway thanks in advance

also thanks for your patience :bigthumb:

danger3s
2006-01-28, 22:43
did as you said. patience is my best friend :bigthumb:

illukka
2006-01-28, 23:14
thanks

i will have them delivered
we will get back to you as soon as we can figure out what was wrong

illukka
2006-01-29, 01:18
try to find the program files, but doesnt exist anymore

can you explain this more specifically?

did this happen right after running the aproposfix, or was it there before?
hijackthis log shows processe running from program files, so it exists

the files you sent show that all the right files were deleted, all the rootkit reg entries were fixed etc. nothing else.

open a command prompt ( click start> run >type cmd and hit enter

highlight the text below in a box, and press ctrl+c to copy it to the clipboard


cd %programfiles%
dir /s * >> %systemdrive%\log.txt
notepad %systemdrive%\log.txt

go back to the command prompt window, right click it, select paste and hit enter

wait until it finishes
post the resulting text file c:\log.txt here

danger3s
2006-01-29, 03:05
hi

whoops. so sorry for sending u the wrong information. the AVG was in the Grisoft folder, and that's in the program file folder. reinstalled it just now, everything works fine.
sent the log file to ur email by the way(it's bigger than 39.1 KB).
thank u so much for ur concern

danger3s
2006-01-29, 03:19
hi

1 more thing. this software named Registry Mechanic, have u ever used/know anything about it? is it safe to use for normal user like me,or maybe it needs experienced/advanced user?
thx

illukka
2006-01-29, 11:04
lets out a huge sigh of relief
glad its sorted out
when installing multiple antivirus programs make sure that only one of those is running real time protection

registry mechanic is IMO a good program, just make sure that it has backups for items it cleans from the registry, so that you can restore it if problems occur


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore (http://www.bleepingcomputer.com/forums/tutorial63.html)

or

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Reenable system restore with instructions from tutorial above


Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topict405.html)


Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/forums/tutorial60.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers (http://www.bleepingcomputer.com/forums/tutorial43.html)


Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/tutorial48.html)


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

IE/Spyad (https://netfiles.uiuc.edu/ehowes/www/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

i also suggest getting an alternative browser, such as firefox or opera

cheers

danger3s
2006-01-30, 05:34
ive read some of the forums about protecting the com on main page. ive created restore points n did all the instructions/suggestion given. n that's after my comp is fully functional n cleaned. should i create a another new restore point anyway?
i feel very safe while surfing the internet now. not any single popup got through my screen. thank you so much. i shall recommend this website to my friends. is that okay?

illukka
2006-01-30, 09:14
ive read some of the forums about protecting the com on main page. ive created restore points n did all the instructions/suggestion given. n that's after my comp is fully functional n cleaned. should i create a another new restore point anyway?

hi

once system restore is re-enabled create a new restore point right away



i feel very safe while surfing the internet now. not any single popup got through my screen. thank you so much. i shall recommend this website to my friends. is that okay?

good to hear that :)

we like to be recommended :beerbeerb

tashi
2006-02-05, 19:30
As the problem appears to be resolved this topic will be archived.
If you need it re-opened please send me a pm.

Glad we could help. Thank you illukka. :)