lolocaust Posted May 26, 2006

Logfile of HijackThis v1.99.1
Scan saved at 5:16:08 PM, on 5/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

If you've looked at this, I thank you so much

Matt Posted May 26, 2006

Hello and welcome to Besttechie! I will be assisting you! You have quite a messy log, so I'm going to have you run a scan first.

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download ewido anti-malware; it is a free version of the program.

* Install ewido anti-malware.
* When installing, under "Additional Options" uncheck:
    * Install background guard
    * Install scan via context menu
* Launch ewido; there should be an icon on your desktop, double-click it.
* The program will now open to the main screen.
* When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
* You will need to update ewido to the latest definition files.
    * On the left hand side of the main screen click update.
    * Then click on Start Update.
* The update will start and a progress bar will show the updates being installed (the status bar at the bottom will display "Update successful").

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

* Click on scanner.
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Post back with the Ewido report and a new HJT log

lolocaust Posted June 2, 2006

ewido...or something, or other. ... Log

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------
 + Created on: 5:20:00 PM, 6/2/2006
 + Report-Checksum: 18331CE1
Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup 
C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\William\Cookies\william@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\William\Cookies\william@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Wegcash : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\William\Cookies\william@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup C:\Documents and Settings\William\Cookies\william@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\William\Cookies\william@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\William\Cookies\william@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and 
Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.Wegcash : Cleaned with backup C:\Documents and Settings\William\Cookies\william@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup C:\Documents and Settings\William\Cookies\william@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup C:\Documents and Settings\William\Cookies\william@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\William\Cookies\william@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\William\Cookies\william@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\William\Cookies\william@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup C:\Documents and Settings\William\Cookies\william@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup C:\Documents and Settings\William\Cookies\william@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\William\Cookies\william@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\William\Cookies\william@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and 
Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Shopathomeselect : Cleaned with backup C:\Documents and Settings\William\Cookies\william@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup C:\Documents and Settings\William\Cookies\[email protected][2].txt -> TrackingCookie.Adserver : Cleaned with backup C:\Documents and Settings\William\Cookies\william@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup C:\Program Files\Internet Explorer\setup29.exe -> Adware.Delf : Cleaned with backup C:\Program Files\Internet Explorer\setup31.exe -> Adware.Delf : Cleaned with backup C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup C:\Program Files\SurfAccuracy\License.lnk -> Adware.SurfAccuracy : Cleaned with backup C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Cleaned with backup C:\Program Files\YourSiteBar -> Adware.YourSiteBar : Cleaned with backup C:\Program Files\YourSiteBar\imagemap_normal.bmp -> Adware.YourSiteBar : Cleaned with backup C:\Program Files\YourSiteBar\imagemap_over.bmp -> Adware.YourSiteBar : Cleaned with backup C:\Program Files\YourSiteBar\version.txt -> Adware.YourSiteBar : Cleaned with backup C:\Program Files\YourSiteBar\yoursitebar.xml -> Adware.YourSiteBar : Cleaned with backup C:\WINDOWS\SYSTEM32\omkmywwz.lvd -> Hijacker.Small.js : Cleaned with backup C:\WINDOWS\SYSTEM32\ssc.dll -> Downloader.Delf.uy : Cleaned with backup C:\WINDOWS\SYSTEM32\yqqgrurs.exe -> Trojan.Small : Cleaned with backup::Report EndHiJackThis LogLogfile of HijackThis v1.99.1Scan saved at 5:28:26 PM, on 6/2/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program 
Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\Explorer.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Updater.exeC:\WINDOWS\system32\454f66a6.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeC:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exeC:\Program Files\Windows Media Player\wmplayer.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\BitComet\BitComet.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Anthony\Desktop\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.euveeaqbewamveumxxaghiwiw.info/...tWOrqGCCPy.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comF2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exeF3 - REG:win.ini: load=C:\WINDOWS\system32\rcnoke\csrss.exeF3 - REG:win.ini: run=C:\WINDOWS\system32\rcnoke\csrss.exeO2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)O2 - BHO: (no name) - 
{00000000-C1EC-0345-6EC2-4D0300000000} - (no file)O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM32\winbrume.dll (file missing)O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: C:\DOCUME~1\Anthony\LOCALS~1\Temp\ssc.dll - {60E61928-B0DE-47C0-8EB1-D9C9417647D7} - C:\DOCUME~1\Anthony\LOCALS~1\Temp\ssc.dll (file missing)O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll (file missing)O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: (no name) - {C8F21DFE-B35C-4274-82EC-1E072D09025E} - C:\WINDOWS\SYSTEM32\winbrume.dll (file missing)O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeO4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - 
HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exeO4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exeO4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exeO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [iRiver Updater] \Updater.exeO4 - HKLM\..\Run: [454f66a6] C:\WINDOWS\system32\454f66a6.exeO4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exeO4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exeO4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeO4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: *.coolwebsearch.comO15 - Trusted Zone: *.musicmatch.comO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553543256} - http://www.teensburn.com/videos/toolbar.cabO16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/B...9700e8655edd6e9O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{236E5315-EEEB-4576-9F75-B716DA4E7593}: NameServer = 24.226.10.119,24.226.1.93O17 - HKLM\System\CS1\Services\Tcpip\..\{236E5315-EEEB-4576-9F75-B716DA4E7593}: NameServer = 24.226.10.119,24.226.1.93O17 - HKLM\System\CS2\Services\Tcpip\..\{236E5315-EEEB-4576-9F75-B716DA4E7593}: NameServer = 24.226.10.119,24.226.1.93O17 - HKLM\System\CS3\Services\Tcpip\..\{236E5315-EEEB-4576-9F75-B716DA4E7593}: NameServer = 24.226.10.119,24.226.1.93O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - 
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeend, thank you very much for looking at this! Link to post Share on other sites
lolocaust (Author) Posted June 2, 2006

Maybe I ought to add that I am lolocaust.
Matt Posted June 3, 2006

Whew! We still got some mess there!

Jotti File Submission:

Please go to Jotti's malware scan
- Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
  C:\WINDOWS\system32\rcnoke\csrss.exe
- Click on the submit button
- Please post the results in your next reply.

Updating Java and Clearing Cache

- Go to Start > Control Panel, double-click on the Java Icon (coffee cup) in the Control Panel. It will say "Java Plug-in" under the icon.
- Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
- If you are unable to update you can manually update by going here: http://www.java.com/en/download/manual.jsp
- After the reboot, go back into the Control Panel and double-click the Java Icon.
- Under Temporary Internet Files, click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 Checked
  Downloaded Applets
  Downloaded Applications
  Other Files
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Java Control Panel.

Next, Scan with HJT and place a check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.euveeaqbewamveumxxaghiwiw.info/...tWOrqGCCPy.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM32\winbrume.dll (file missing)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: C:\DOCUME~1\Anthony\LOCALS~1\Temp\ssc.dll - {60E61928-B0DE-47C0-8EB1-D9C9417647D7} - C:\DOCUME~1\Anthony\LOCALS~1\Temp\ssc.dll (file missing)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll (file missing)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {C8F21DFE-B35C-4274-82EC-1E072D09025E} - C:\WINDOWS\SYSTEM32\winbrume.dll (file missing)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [454f66a6] C:\WINDOWS\system32\454f66a6.exe
O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O15 - Trusted Zone: *.coolwebsearch.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553543256} - http://www.teensburn.com/videos/toolbar.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/B...9700e8655edd6e9

Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
- Save it to your desktop.
- Please double-click Killbox.exe to run it.
- Select: Delete on Reboot then Click on the All Files button.
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  C:\WINDOWS\system32\fservice.exe
  C:\WINDOWS\SYSTEM32\winbrume.dll
  C:\DOCUME~1\Anthony\LOCALS~1\Temp\ssc.dll
  C:\WINDOWS\SYSTEM32\winbrume.dll
  C:\Program Files\ISTsvc\istsvc.exe
  C:\WINDOWS\system32\runsrv32.exe
  C:\WINDOWS\system32\susp.exe
- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Download CWShredder Here to its own folder.

Update CWShredder
- Open CWShredder and click I AGREE
- Click Check For Update
- Close CWShredder

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Find and delete the following folder:
C:\Program Files\ISTsvc\

Reboot your computer into normal windows.

Please go HERE to run Panda's ActiveScan
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Finally, post back with the Jotti Results, the Panda Active Scan report, and a new HJT log.

Matt
lolocaust (Author) Posted June 9, 2006

Jotti told me this...

"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

My activescan will be an attachment.
My HJT log is also an attachment.

Attachments: Activescan.txt, hijackthislog1.txt
Matt Posted June 11, 2006

Let's Continue.

Please scan with HJT and place a check next to the following items:

O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

- Please double-click Killbox.exe to run it.
- Select: Delete on Reboot then Click on the All Files button.
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  c:\windows\system32\a.exe
  c:\windows\system32\alxres.dll
  c:\windows\system32\bridge.dll
  c:\windows\system32\dailytoolbar.dll
  c:\windows\system32\exuc32.tmp
  c:\windows\system32\tcpservice2.exe
  c:\windows\system32\txfdb32.dll
  c:\windows\system32\ustart.exe
  c:\program files\internet explorer\winbrume.dat
  c:\windows\BTGrab.dll
  c:\windows\dlmax.dll
  c:\windows\susp.exe
  c:\windows\system32\SahImages
  C:\Documents and Settings\Anthony\Local Settings\Temp\st.exe
- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please do an online scan with Kaspersky WebScanner
- Click on Kaspersky Online Scanner
- You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files.
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
  Scan Options: Scan Archives, Scan Mail Bases
- Click OK
- Now under select a target to scan: Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button.
- Save the file to your desktop.
- Copy and paste that information in your next post.

So, reply back with the results from the Kaspersky Scan and a new HJT log.

Matt
lolocaust (Author) Posted June 22, 2006

HijackThis is here, but the Kaspersky online scan did not work as planned... It gave me a policy/statement to accept and I did, but clicking the accept button didn't do anything.

Attachment: hijackthislog21.txt
Matt Posted June 22, 2006

Are you still experiencing issues?

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
- Follow the Instruction Here for installation.
- Accept the License Agreement.
- Once the ActiveX installs, click Full System Scan
- Once the download completes, the scan will begin automatically.
- The scan will take some time to finish, so please be patient.
- When the scan completes, click the Automatic cleaning (recommended) button.
- Click the Show Report button and Copy&Paste the entire report in your next reply.

lolocaust Posted June 24, 2006

Lately I've been using Firefox, thank you for all the help Matt.

Matt Posted June 24, 2006

Congrats! Your computer is clean! How is your system running?

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

- Firefox - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera is good as well.
- Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
- AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
- SpywareBlaster - Great prevention tool to keep malware from installing on your system.
- SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
- IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
- ATF Cleaner - Cleans temporary files from web browsers, and much more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
- Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this guide on safer computing.

Matt Posted June 26, 2006

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.