
Thread: needupdate.com hijack

  1. #1
    Junior Member
    Join Date
    Dec 2005
    Posts
    0

    needupdate.com hijack

    I'm having problems with a hijack in IE that refers to needupdate.com. My HijackThis log follows. Thank you for providing this help for me.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:05:15 PM, on 12/25/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvctrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\WINDOWS\system32\bcmwltry.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Barbara Mathison\Desktop\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Profiles\default\op9o1g8s.slt\prefs.js)
    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpD3F2.tmp
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Filter: text/html - (no CLSID) - (no file)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
    O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

  2. #2
    In Memoriam - Always in our heart
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Two posters, edited...pskelley
    Last edited by pskelley; 2005-12-26 at 18:02.

  3. #3
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi mathew,

    We will use Ad-Aware, then ewido while in safe mode:

    First, if you haven't yet, download/update both:

    Do a full scan with Ad-Aware (do the ewido scan in safe mode).

    Ad-Aware FULL SCAN:

    http://www.lavasoftusa.com/software/adaware/
    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

    From the main window: click Start, then under Select a scan Mode check Perform full system scan.
    Next deselect Search for negligible risk entries.
    Now to scan just click the Next button.

    When the scan is finished, mark everything for removal and get rid of it. (Right-click the window, choose Select all from the drop-down menu and click Next.)
    ----------------------------------------------
    ewido download/update:
    1. Download Ewido and install
    Ewido Security Suite. It is a free trial version of the program:

    http://www.ewido.net/en/download/

    2. Install ewido security suite
    3. Launch ewido; there should be an icon on your desktop, double-click it.
    4. The program will now go to the main screen

    You will need to update ewido to the latest definition files.

    1. On the left hand side of the main screen click update
    2. Then click on Start Update

    The update will start and a progress bar will show the updates being installed.
    --------------------------------------
    After ewido is installed and updated, boot into safe mode:
    Restart the computer and tap the F8 key; a list of options will come up. Choose the first one: SAFE MODE

    Once in SAFE MODE run ewido;

    Click on scanner
    Click on Complete System Scan and the scan will begin.
    Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    Click Save report.
    Save the report .txt file to your desktop.

    Close ewido, reboot the computer normally, and do a full system scan in "normal" mode once more with Ad-Aware.
    ----------------------------------------
    Rescan and post a new HJT log, and also post the saved ewido log...........shelf life

  4. #4
    Junior Member
    Join Date
    Dec 2005
    Posts
    0


    Thank you for helping me with this.

    Here is my HJT log; my ewido log follows in the next post.



    Logfile of HijackThis v1.99.1
    Scan saved at 4:21:25 PM, on 12/28/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\mssearchnet.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\WINDOWS\system32\bcmwltry.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvctrl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Barbara Mathison\Desktop\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Profiles\default\op9o1g8s.slt\prefs.js)
    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp4FB5.tmp
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Filter: text/html - (no CLSID) - (no file)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)


  5. #5
    Junior Member
    Join Date
    Dec 2005
    Posts
    0


    ewido part 1.


    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 3:45:09 PM, 12/28/2005
    + Report-Checksum: 2CCAC652

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CLSID -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CurVer -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1 -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\CLSID -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\CurVer -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1 -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
    HKU\S-1-5-21-2836951245-1981800707-3796551901-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKU\S-1-5-21-2836951245-1981800707-3796551901-1007\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
    HKU\S-1-5-21-2836951245-1981800707-3796551901-1007\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.133:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.134:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.135:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.136:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.137:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.139:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.140:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.145:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.146:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.249:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.254:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.265:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Mysearch : Cleaned with backup
    :mozilla.266:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Mysearch : Cleaned with backup
    :mozilla.297:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    :mozilla.306:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.307:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.315:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.319:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.320:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.338:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.339:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.340:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.341:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.342:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.354:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.356:C:\Documents and Settings\Barbara Mathison\Application Data\Mozilla\Firefox\Profiles\ysk00pr1.default\cookies.txt ->

  6. #6
    Junior Member
    Join Date
    Dec 2005
    Posts
    0

    Default

    ewido part 2.

    C:\Program Files\Need2Find -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\1.bin -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\1.bin\N2FFXTBR.JAR -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\1.bin\N2NTSTBR.JAR -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\1.bin\PARTNER.DAT -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\Cache -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\Cache\00179BC4 -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\Cache\0078EA14 -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\Cache\files.ini -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\History -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\History\search -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\Settings -> Spyware.Need2Find : Cleaned with backup
    C:\Program Files\Need2Find\bar\Settings\prevcfg.htm -> Spyware.Need2Find : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP346\A0275505.DLL -> Spyware.MySearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP348\A0276621.tlb -> Downloader.Zlob.de : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP348\A0276632.tlb -> Downloader.Zlob.de : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP348\A0276643.tlb -> Downloader.Zlob.de : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0276674.tlb -> Downloader.Zlob.de : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0277675.tlb -> Downloader.Zlob.de : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0277691.tlb -> Downloader.Zlob.dk : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0278691.tlb -> Downloader.Zlob.dk : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0278701.exe -> Downloader.Zlob.dj : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0279691.tlb -> Downloader.Zlob.dj : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0280719.tlb -> Downloader.Zlob.dj : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP352\A0284016.exe -> Downloader.Zlob.dk : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ld92F8.tmp -> Downloader.Zlob.cy : Cleaned with backup


    ::Report End

  7. #7
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi mathew,

    ok scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp4FB5.tmp
    -------------------------------------
    look in the C:\WINDOWS\system32 dir and see if you can find ---> hp4FB5.tmp; if so, delete it. if it gives you problems, boot into safe mode to delete it.
    run ewido once more, let me know how it's going.

    looks like you may have ares running all the time. if you see the icon by the clock then it is. you're connected to the network. it's not a good idea to keep it running all the time.........shelf life

  8. #8
    Junior Member
    Join Date
    Dec 2005
    Posts
    0

    Default

    thank you for your help!
    I've banned one of the boys from using the computer, as Ares was being used for porn.

    there seems to be a downloader called "zlob" that keeps getting found, sometimes in quick succession by ewido. more misery
    I've been doing my scans in safe mode to clean them out before they can start up.

    my ewido scan got cut into two scans, the first I didn't get a report from, the second I did.

    ewido log.
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 4:12:43 AM, 1/2/2006
    + Report-Checksum: 1FABA89F

    + Scan result:

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP353\A0286067.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP353\A0286068.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP353\A0286080.exe -> Downloader.Zlob.dl : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0286133.exe -> Downloader.Zlob.bn : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0286134.exe -> Downloader.Zlob.dl : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP355\A0286186.exe -> Trojan.Agent.il : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP355\A0286187.exe -> Downloader.Zlob.do : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP355\A0288280.exe -> Trojan.Agent.il : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP356\A0290310.exe -> Downloader.Zlob.bu : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP356\A0290337.exe -> Downloader.Zlob.dr : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP356\A0291357.dll -> Downloader.Zlob.dr : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP356\A0291358.dll -> Downloader.Zlob.dr : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP356\A0291359.dll -> Downloader.Zlob.dr : Cleaned with backup
    C:\WINDOWS\SYSTEM32\hp25BE.tmp -> Downloader.Zlob.dr : Cleaned with backup
    C:\WINDOWS\SYSTEM32\hp55D0.tmp -> Downloader.Zlob.dr : Cleaned with backup
    C:\WINDOWS\SYSTEM32\hp7149.tmp -> Downloader.Zlob.dr : Cleaned with backup


    ::Report End
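
Added example, not part of the original posts: a small Python triage of an ewido report in the format pasted above. It separates tracking cookies, archived System Restore copies (`System Volume Information\_restore{...}`) and detections on the live file system, and tolerates a line cut off after `->`, as happened where the earlier log was split across two posts. The sample report is constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the ewido report layout (not the poster's log).
SAMPLE_REPORT = r"""
+ Created on: 4:12:43 AM, 1/2/2006
+ Scan result:

:mozilla.6:C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\x.slt\cookies.txt ->
C:\Documents and Settings\user\Cookies\user@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe -> Downloader.Zlob.dl : Cleaned with backup
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.dll -> Downloader.Zlob.dr : Cleaned with backup
C:\WINDOWS\SYSTEM32\hp0000.tmp -> Downloader.Zlob.dr : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL -> Spyware.Need2Find : Cleaned with backup

::Report End
"""

# "<location> -> <detection name> : <action>", with an optional
# ":mozilla.N:" prefix on entries found inside a cookies.txt file.
LINE_RE = re.compile(
    r"^(?::mozilla\.\d+:)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$"
)

def parse_report(text):
    """Return (findings, skipped); skipped holds truncated result lines."""
    findings, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if " ->" not in line:
            continue  # header, blank line or "::Report End"
        m = LINE_RE.match(line)
        if m is None:
            skipped.append(line)  # e.g. cut off right after "->"
            continue
        findings.append((m["path"], m["name"], m["action"]))
    return findings, skipped

def bucket(path, name):
    """Classify one finding by what it means for cleanup."""
    if name.startswith("Spyware.Cookie."):
        return "cookie"
    if "\\system volume information\\_restore" in path.lower():
        return "restore_point"  # archived copy inside a restore point
    return "live"  # file present on the running system

def family(name):
    """Drop the variant suffix: Downloader.Zlob.dr -> Downloader.Zlob."""
    return ".".join(name.split(".")[:2])

def triage(text):
    findings, skipped = parse_report(text)
    summary = {"cookie": Counter(), "restore_point": Counter(), "live": Counter()}
    live_paths = []
    for path, name, _action in findings:
        b = bucket(path, name)
        summary[b][family(name)] += 1
        if b == "live":
            live_paths.append(path)
    return summary, live_paths, skipped

if __name__ == "__main__":
    summary, live_paths, skipped = triage(SAMPLE_REPORT)
    for b, counts in summary.items():
        print(b, dict(counts))
    print("live files:", live_paths, "| truncated lines:", len(skipped))
```

Run over the 1/2/2006 report above, only the three `hp*.tmp` entries in `C:\WINDOWS\SYSTEM32` land in the live bucket; every other line is a restore-point copy.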

  9. #9
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi mathew,

    ok let's try this for a fix: first we will download some more apps. install and update them but don't run them yet, until we are in safe mode. you might want to copy this to notepad and save it somewhere so you can get to it while in safe mode

    1) Download smitRem.zip and save the file to your desktop.
    Right click on the file and extract it to its own folder on the desktop. we will use it in safe mode

    http://noahdfear.geekstogo.com/click...click.php?id=1
    --------------------------------------------
    2)Place a shortcut to Panda ActiveScan on your desktop.

    http://www.pandasoftware.com/actives..._principal.htm
    ------------------------------------
    3) check ewido for any updates, but don't scan just yet

    4) If you have not installed Ad-Aware SE 1.06, download, install and update it but don't run it just yet

    Ad-Aware FULL SCAN:

    http://www.lavasoftusa.com/software/adaware/
    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now, then click Connect and download the latest reference files. don't run it yet
    ---------------------------------------------
    5) ok now we are ready to go. boot the computer into SAFE MODE by tapping the F8 key during restart. choose the first option, safe mode. it may take a couple of minutes to get to the safe mode desktop. ok once in safe mode:

    Now scan with HJT and place a checkmark next to each of the following items and click 'Fix Checked': (if it's there; if not, skip this step)

    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp4FB5.tmp
    --------------------------------------------
    6)Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.

    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


    Open Ad-aware and do a full scan. Remove all it finds.
    ad aware:
    From main window :Click Start then under Select a scan Mode check Perform full system scan.
    Next deselect Search for negligible risk entries.
    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

    next run ewido:
    Click on scanner
    Click Complete System Scan and the scan will begin.
    During the scan it will prompt you to clean files, click OK
    When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
    When the scan is finished, click the Save report button at the bottom of the screen.
    Save the report to your desktop

    Close Ewido


    Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

    Reboot computer normally and click the Panda ActiveScan shortcut.

    - Once you are on the Panda site click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    -------------------------------------
    ok all done, rescan with hjt and post a new log along with the smitfiles.txt in next reply..........shelf life

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Hi mathew, how are things going?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
