View Full Version : Dialer-257



ae804
2006-03-23, 06:06
Ok, so I'm getting a lot of messages from my "Virus Scan" (Virus Scan Enterprise 8.0) saying that I had a "Dialer-257". So, I ran Spybot S&D, I ran Ad-Aware and then I repeated (usually 2 scans for each gets the job done). Neither has gotten rid of the problem. The Virus Scan still pops up. So, I searched the internet, found this site, and have learned about how helpful a tool HJT is, but I still don't know how to fix the problem...

HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 12:04:36 AM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MIT\Kerberos\bin\krbcc32s.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Adam\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WASTE.lnk = C:\Program Files\WASTE\WASTE.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies Player) - https://bestbuy.mvm.com/bb_ki_ctx/jsp/views/modeldisplay/Core/Player/2020PlayerAX_Win32.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



I don't know what to do, or what to remove. Can someone please help me?

Thanks!

pskelley
2006-03-23, 21:29
Hello and welcome to the forum. Help me out here, these programs must be telling you more than "Dialer-257". One of these programs, your AV or one of the others, must be telling you the name or pathway of the item? Here is what McAfee has to say: http://vil.mcafeesecurity.com/vil/content/v_132780.htm#MethodOfInfection but nothing is showing in the HJT log. Let's do this:

ewido scan:
Please download Ewido Security Suite (http://www.ewido.net/en/download/) it is a trial version of the program.
Install ewido security suite
Launch ewido; there should be an icon on your desktop, double-click it.
The program will now go to the main screen
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates (http://www.ewido.net/en/download/updates/)

Once the updates are installed do the following:
Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE: During some scans with ewido it is finding cases of false positives.**
You will need to step through the process of cleaning files one-by-one.
If ewido detects a file you KNOW to be legitimate, select none as the action.
DO NOT select "Perform action on all infections"
If you are unsure of any entry found select none for now.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Post the ewido scan results and any information I requested above. Stay in this same topic.

Thanks...pskelley
Safer Networking Forums

ae804
2006-03-24, 05:11
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:05:47 PM, 3/23/2006
+ Report-Checksum: AE24CCF6

+ Scan result:

:mozilla.10:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup

ae804
2006-03-24, 05:11
:mozilla.218:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.363:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.466:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.493:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.496:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.498:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.500:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.501:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.519:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.551:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.553:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.556:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.561:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.592:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.593:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.594:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\eo8l9f61.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\1S5QQCYB\gdnUS2218[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\quarantine\acepjjmd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\aefceomd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\aoikolod.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\bhnkabjd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\cajjfknd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\ccbgliod.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\cghlmind.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\chajaimd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\cmpcjpnd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\dfiaclkd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\dgdmpmmd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\dmoagbmd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\eaaolmnd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\ehpnglmd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\ekhpmood.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\eldfghnd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\fheaaend.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\gchfaokd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\gighpcmd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\gmonhhkd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\hfcpgejd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\hjfhnpmd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\hliijcjd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\iedjhnod.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\iffdmikd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\ihamaond.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\ijekkfod.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\ikpgjfnd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\imfcfkkd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\innklgmd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\ioknfand.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\jbeeakod.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\jjamofkd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\jjkekpkd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\kiilcfmd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\kmnpclnd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\oabclcnd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\ogjfeemd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\ohbhchod.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\ojndcbnd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\quarantine\pemglmkd.exe.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc100.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc101.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc85.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc86.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc87.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc88.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc89.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc90.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc92.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc93.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc94.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc95.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\RECYCLER\S-1-5-21-790525478-329068152-682003330-1003\Dc99.Vir -> Trojan.Dialer.ay : Error during cleaning
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KXMN0DAV\gdnUS2218[1].exe -> Downloader.Small.ayl : Cleaned with backup


::Report End

So, I cleaned Quarantine and Recycle out....

ae804
2006-03-24, 05:47
Ok, so I'm not really smart... I got rid of 99% of those problems. (Cleaned IE cookies... I don't think Mozilla removes them, cleaned the quarantine folder, and then emptied the recycling bin).

Now my log looks like this:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:43:43 PM, 3/23/2006
+ Report-Checksum: 325C7428

+ Scan result:

C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\1S5QQCYB\gdnUS2218[1].exe -> Downloader.Small.ayl : Cleaned with backup


::Report End

pskelley
2006-03-24, 15:16
Hello Adam, and don't sell yourself short, I think you are pretty sharp. Most folks would have sat and waited for me to tell them to empty Quarantine and the Recycle Bin :bigthumb:

A look at the ewido scan results tells me the dialer your antivirus program was seeing was probably the one in quarantine. It is showing no other dialer and ewido is very good at finding dialers. I should also say here that the Firefox cookies can be controlled if you wish:
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

Since the HJT log was clean, here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.org/viewtopic.php?t=957
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

If you don't have a good cleaner, use this one with these instructions:
Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions: http://www.ccleaner.com/help/tour1.asp
Run CCleaner, Windows & Applications. When you run the registry cleaner (Issues), you will be prompted to back up before you can remove stuff; make sure you do.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

If we can help with anything else, let us know...Safe surfing.

Thanks...pskelley

ae804
2006-03-24, 19:43
Ok, so I agree that it looks clean, but my AV still pops up saying something about "Dialer-257". Last time I checked and it says it finds the viruses in C:/Windows/Temp. I cleaned Temp out, but I'm sure that the virus will still pop back up. I'm up to 25 dialers since 2 this morning. It's getting crazy and I'm getting annoyed with it. Any more ideas??
Here's info from the AV:
Name: cmdpeaod.exe; In Folder: C:\Windows\Temp; Source: None; Detected As: Dialer-257; Detection Type: Dialer; Status: Moved(Clean Failed); Application: gdnUS2218.exe

I plan on googling the application name and seeing if I come up with anything, but just for giggles, here's the rest:

Current HJT:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\WASTE\WASTE.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Adam\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WASTE.lnk = C:\Program Files\WASTE\WASTE.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {06C0FDC4-64D8-4AE1-5198-4554054C548C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies Player) - https://bestbuy.mvm.com/bb_ki_ctx/jsp/views/modeldisplay/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {42A5F095-21F0-4038-B50E-6FD22554BDA4} - http://85.255.113.214/1/gdnUS2218.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

and the Ewido log looks like this still:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:19:06 AM, 3/24/2006
+ Report-Checksum: 325C7428

+ Scan result:

C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\1S5QQCYB\gdnUS2218[1].exe -> Downloader.Small.ayl : Cleaned with backup


::Report End
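
An added example, not part of the original thread or of any poster's tooling: the AV alert in the post above names gdnUS2218.exe as the originating application, and the same file name appears in the O16 (Downloaded Program Files) entries of the HijackThis log and in the ewido cache hit. This Python sketch cross-references the three; the function names and the heuristics are assumptions chosen for illustration.

```python
import ipaddress
import ntpath
import re
from urllib.parse import urlparse

# Lines copied verbatim from the HijackThis log, AV alert and ewido report above.
HJT_O16 = [
    "O16 - DPF: {06C0FDC4-64D8-4AE1-5198-4554054C548C} - http://85.255.113.214/1/gdnUS2218.exe",
    "O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies Player) - "
    "https://bestbuy.mvm.com/bb_ki_ctx/jsp/views/modeldisplay/Core/Player/2020PlayerAX_Win32.cab",
    "O16 - DPF: {42A5F095-21F0-4038-B50E-6FD22554BDA4} - http://85.255.113.214/1/gdnUS2218.exe",
]
AV_ALERT = (r"Name: cmdpeaod.exe; In Folder: C:\Windows\Temp; Source: None; "
            r"Detected As: Dialer-257; Detection Type: Dialer; "
            r"Status: Moved(Clean Failed); Application: gdnUS2218.exe")
EWIDO_HIT = (r"C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files"
             r"\Content.IE5\1S5QQCYB\gdnUS2218[1].exe")

# O16 line layout: CLSID, optional "(friendly name)", then the codebase URL.
O16_RE = re.compile(r"^O16 - DPF: (\{[^}]+\})(?: \((.*?)\))? - (\S+)$")


def parse_o16(line):
    """Return clsid / name / url for one O16 line, or None if it is not one."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    clsid, name, url = m.groups()
    return {"clsid": clsid, "name": name, "url": url}


def parse_av_alert(text):
    """Split the 'Key: value; Key: value' alert into a dict (first colon only)."""
    fields = {}
    for part in text.split(";"):
        key, sep, value = part.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def cache_name_to_original(path):
    """IE caches downloads as name[1].ext; strip the [n] counter to compare names."""
    return re.sub(r"\[\d+\](?=\.[^.]+$)", "", ntpath.basename(path))


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(o16_lines, av_alert, cached_hits):
    """Return (clsid, url, reasons) per O16 entry; an empty list means nothing flagged."""
    detected = {parse_av_alert(av_alert).get("Application", "").lower()}
    detected |= {cache_name_to_original(p).lower() for p in cached_hits}
    detected.discard("")
    findings = []
    for line in o16_lines:
        entry = parse_o16(line)
        if entry is None:
            continue
        url = urlparse(entry["url"])
        payload = url.path.rsplit("/", 1)[-1].lower()
        reasons = []  # heuristics below are illustrative assumptions, not HJT rules
        if is_ip_literal(url.hostname or ""):
            reasons.append("codebase host is a raw IP address")
        if url.scheme != "https":
            reasons.append("fetched over plain HTTP")
        if payload.endswith(".exe"):
            reasons.append("codebase is a bare .exe, not a packaged control")
        if entry["name"] is None:
            reasons.append("no friendly name registered")
        if payload in detected:
            reasons.append("file name matches a scanner detection")
        findings.append((entry["clsid"], entry["url"], reasons))
    return findings


if __name__ == "__main__":
    for clsid, url, reasons in triage(HJT_O16, AV_ALERT, [EWIDO_HIT]):
        print(clsid, url, "->", "; ".join(reasons) or "nothing flagged")
```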

pskelley
2006-03-24, 20:03
That is not a complete HJT log. Let's take a look with Kaspersky, follow these directions:

Please do an online scan with Kaspersky Online Scanner
http://www.kaspersky.com/virusscanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then start to download the latest definition files.

Once the scanner is installed and the definitions downloaded, click Next.

Now click on Scan Settings

In the scan settings make sure that the following are selected:

Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)

Scan Options:

Scan Archives

Scan Mail Bases

Click OK

Now under "select a target to scan", select My Computer

The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.

Thanks

ae804
2006-03-25, 00:06
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, March 24, 2006 6:06:01 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 24/03/2006
Kaspersky Anti-Virus database records: 172756
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 43647
Number of viruses found: 6
Number of infected objects: 16
Number of suspicious objects: 3
Duration of the scan process: 01:01:20

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\9UQXUXCI\gdnUS2218[1].exe Infected: Trojan-Downloader.Win32.Small.ayl skipped
C:\quarantine\fhhcgdpd.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\quarantine\hafdloid.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\quarantine\kebmaapd.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\quarantine\meflmopd.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\quarantine\ohhmjbpd.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004518.exe Suspicious: Type_Win32 skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004519.exe/Keymaker.exe Suspicious: Type_Win32 skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004519.exe/run.exe Infected: Trojan-Downloader.Win32.Small.ckj skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004519.exe ZIP: infected - 1, suspicious - 1 skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004522.exe/Keymaker.exe Suspicious: Type_Win32 skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004522.exe/run.exe Infected: Trojan-Downloader.Win32.Small.ckj skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004522.exe ZIP: infected - 1, suspicious - 1 skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP76\A0005170.exe/data0007 Infected: Trojan-Clicker.Win32.Agent.gy skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP76\A0005170.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.ja skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP76\A0005170.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP76\A0005170.exe UPX: infected - 2 skipped
C:\WINDOWS\system32\dfrgsrv.exe Infected: Trojan-Downloader.Win32.Zlob.ja skipped
C:\WINDOWS\system32\ld6B9A.tmp Infected: Trojan-Downloader.Win32.Zlob.ja skipped

Scan process completed.

pskelley
2006-03-25, 01:06
Thanks for returning that information, I am looking at the results now. Make sure you have all files and folders enabled:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
When you start, you will need to do this in safe mode:
http://www.bleepingcomputer.com/tutorials/tutorial61.html
First, the items that are in quarantine need to be removed. These are not running and you should have no problem deleting them:

C:\quarantine\fhhcgdpd.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\quarantine\hafdloid.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\quarantine\kebmaapd.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\quarantine\meflmopd.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\quarantine\ohhmjbpd.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped

This is probably something Network Associates creates to store quarantine when it needs it. You can leave the folder, just delete everything in it: C:\quarantine\ <<< delete the contents

These are the items that need to be deleted:
C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\9UQXUXCI\gdnUS2218[1].exe Infected: Trojan-Downloader.Win32.Small.ayl skipped
This one is in the Temporary Internet Files folder, navigate there and delete everything in that folder. Make sure you see this go >> 9UQXUXCI\gdnUS2218[1].exe

C:\WINDOWS\system32\dfrgsrv.exe Infected: Trojan-Downloader.Win32.Zlob.ja skipped
C:\WINDOWS\system32\ld6B9A.tmp Infected: Trojan-Downloader.Win32.Zlob.ja skipped
These need to be deleted also. Navigate there and delete the files highlighted in red.

Empty the recycle bin and restart the computer to Normal Mode. Then follow these directions:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

Run another Kaspersky scan and it should be clean, post it for me.

Thanks...Phil
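
An added example, not part of the original thread: the reply above sorts the Kaspersky hits by where they sit on disk (quarantine copies, browser cache, System Restore, files under system32). This Python sketch does the same grouping over the report lines copied from the earlier post; the location labels and function names are assumptions for illustration.

```python
import re
from collections import defaultdict

# Result lines copied verbatim from the Kaspersky On-line Scanner report above.
REPORT = r"""
C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\9UQXUXCI\gdnUS2218[1].exe Infected: Trojan-Downloader.Win32.Small.ayl skipped
C:\quarantine\fhhcgdpd.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\quarantine\hafdloid.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\quarantine\kebmaapd.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\quarantine\meflmopd.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\quarantine\ohhmjbpd.exe.Vir Infected: Trojan.Win32.Dialer.ay skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004518.exe Suspicious: Type_Win32 skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004519.exe/Keymaker.exe Suspicious: Type_Win32 skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004519.exe/run.exe Infected: Trojan-Downloader.Win32.Small.ckj skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004519.exe ZIP: infected - 1, suspicious - 1 skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004522.exe/Keymaker.exe Suspicious: Type_Win32 skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004522.exe/run.exe Infected: Trojan-Downloader.Win32.Small.ckj skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP59\A0004522.exe ZIP: infected - 1, suspicious - 1 skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP76\A0005170.exe/data0007 Infected: Trojan-Clicker.Win32.Agent.gy skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP76\A0005170.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.ja skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP76\A0005170.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{76950F3C-047C-4136-BB48-EEBF61CB9FC3}\RP76\A0005170.exe UPX: infected - 2 skipped
C:\WINDOWS\system32\dfrgsrv.exe Infected: Trojan-Downloader.Win32.Zlob.ja skipped
C:\WINDOWS\system32\ld6B9A.tmp Infected: Trojan-Downloader.Win32.Zlob.ja skipped
"""

# A verdict line names one object; a container line summarises an archive or packer.
VERDICT_RE = re.compile(r"^(?P<path>.+?) (?P<kind>Infected|Suspicious): (?P<name>\S+) skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<fmt>[A-Z]+): infected - \d+(?:, suspicious - \d+)? skipped$")

# Path markers for copies that are stored rather than installed (labels are assumptions).
LOCATIONS = [
    ("quarantine", "\\quarantine\\"),
    ("system_restore", "\\system volume information\\_restore"),
    ("browser_cache", "\\temporary internet files\\"),
]


def locate(path):
    lowered = path.lower()
    for label, marker in LOCATIONS:
        if marker in lowered:
            return label
    return "live_file"  # anything else is treated as a file in normal use


def triage(report):
    """Group hits by location and on-disk file; also count the line types seen."""
    groups = defaultdict(lambda: defaultdict(set))
    counts = {"Infected": 0, "Suspicious": 0, "Container": 0}
    for line in filter(None, map(str.strip, report.splitlines())):
        verdict = VERDICT_RE.match(line)
        if verdict:
            counts[verdict["kind"]] += 1
            # Members are written container/member; "/" never occurs in a Windows path.
            disk_file = verdict["path"].split("/", 1)[0]
            groups[locate(disk_file)][disk_file].add(verdict["name"])
            continue
        container = CONTAINER_RE.match(line)
        if container:
            counts["Container"] += 1
            groups[locate(container["path"])][container["path"]]  # ensure the file is listed
    return {loc: {f: sorted(n) for f, n in files.items()} for loc, files in groups.items()}, counts


if __name__ == "__main__":
    grouped, totals = triage(REPORT)
    # 12 Infected lines + 4 container lines equal the report's "infected objects: 16".
    print(totals)
    for location, files in grouped.items():
        print(location, len(files), "file(s)")
```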

tashi
2006-03-29, 01:50
How is it going, ae804?

tashi
2006-04-02, 21:08
This topic is closed due to lack of a response to helper.
If you need it re-opened please send me a pm and provide a link to the thread.

Thank you pskelley.