1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

How do I get rid of Vx2 Malware?

Discussion in 'Virus & Other Malware Removal' started by Breakin'Aces, May 22, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Breakin'Aces

    Breakin'Aces Thread Starter

    Joined:
    May 22, 2006
    Messages:
    26
    I'm not the best at this computer stuff, so the easiest way, would be preferred.:eek:

    Here's my problem. I'm running Window's XP, with my browser being Mozilla Firefox. I keep getting the same pop-ups, time and time again.

    I've downloaded and ran the Spybot Search and Destory, as well as Spyware Adaware, programs and each time, the Vx2 comes up saying that "it can't be removed as it's still in use".

    From what I've read, this stuff is hard to get rid of as it duplicates itself upon each reboot.

    I've looked at some links and found that I need "Killbox" "DLL Compare" and "HiJackthis". Thing is, what do I do now?

    CAn any of you give me a step by step procedure, or point me to a link where someone does?

    Thanks in advance, this is really annoying!(n)
     
  2. golferbob

    golferbob

    Joined:
    May 18, 2004
    Messages:
    3,896
  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Post a HiJack log
     
  4. Breakin'Aces

    Breakin'Aces Thread Starter

    Joined:
    May 22, 2006
    Messages:
    26
    Ok, I know, this is going to sound stupid, but I can't find where the "HiJackThis" is...

    I know I downloaded it and even used it... But it's no where on my desktop. :confused:

    I've done a "Search" with no results found.
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  6. Breakin'Aces

    Breakin'Aces Thread Starter

    Joined:
    May 22, 2006
    Messages:
    26
    Ok, thanks. Here's what I got.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Logfile of HijackThis v1.99.1
    Scan saved at 11:30:06 PM, on 5/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\PROGRA~1\MODEMO~1\moh.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\SurfVidalia Internet\dialer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.surfvidalia.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.surfvidalia.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ModemOnHold] C:\PROGRA~1\MODEMO~1\moh.exe
    O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0011.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{258DBC55-C279-436F-A430-F96A6E229B5E}: NameServer = 205.171.3.65 205.171.2.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{258DBC55-C279-436F-A430-F96A6E229B5E}: NameServer = 205.171.3.65 205.171.2.65
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,897
    BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

    First, download Ewido Security Suite.

    Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

    Run Ad-Aware, update to the latest definitions, then click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

    Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

    You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

    When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

    For a final cleanup, please install and run Ewido.
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    • From the main ewido screen, click on update in the left menu, then click the Start update button.
    • After the update finishes (the status bar at the bottom will display "Update successful")
    • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
    • If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
    • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

    Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.
     
  8. Breakin'Aces

    Breakin'Aces Thread Starter

    Joined:
    May 22, 2006
    Messages:
    26
    Ok, I did as you asked and I think we may be getting somewhere. Not a pop-up since I've been online. :D I hope I didn't just jinx myself!

    On the edwido scan, I only clicked "remove" when I saw something that said "tracking cookie", "trojan", or "Adaware". All else I left. I hope I've done right. Here are the logs

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Logfile of HijackThis v1.99.1
    Scan saved at 9:42:00 PM, on 5/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\PROGRA~1\MODEMO~1\moh.exe
    C:\Program Files\CallWave\IAM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\SurfVidalia Internet\dialer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.surfvidalia.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.surfvidalia.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ModemOnHold] C:\PROGRA~1\MODEMO~1\moh.exe
    O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0011.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{258DBC55-C279-436F-A430-F96A6E229B5E}: NameServer = 205.171.3.65 205.171.2.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{258DBC55-C279-436F-A430-F96A6E229B5E}: NameServer = 205.171.3.65 205.171.2.65
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    ~~~~~~~~~~~~~~ Ewido Report~~~~~~~~~~~~~~~~


    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:34:36 PM, 5/23/2006
    + Report-Checksum: 8F7B28C5

    + Scan result:

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Ignored
    HKU\.DEFAULT\Software\MxTarget -> Adware.BetterInternet : Ignored
    HKU\S-1-5-21-3909151692-2079687942-1319946448-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Ignored
    HKU\S-1-5-21-3909151692-2079687942-1319946448-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5DE8ADB-4A69-4E56-96AB-823171C8E9D8} -> Adware.Generic : Ignored
    HKU\S-1-5-21-3909151692-2079687942-1319946448-1007\Software\WinUpdt -> Adware.SecondThought : Ignored
    HKU\S-1-5-18\Software\MxTarget -> Adware.BetterInternet : Ignored
    C:\Documents and Settings\Delton\Local Settings\Temp\randreco.exe -> Adware.BetterInternet : Ignored
    :mozilla.6:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.108:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.133:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.134:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.137:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.160:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.161:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.162:C:\Documents and Settings\Delton\Application Data\Mozilla\Firefox\Profiles\wx0g0083.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\delton@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\delton@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\delton@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][2].txt -> TrackingCookie.Goclick : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\delton@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\delton@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\delton@epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][1].txt -> TrackingCookie.Mx-targeting : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Delton\Cookies\delton@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\iht8a62d.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Jamie\Cookies\jamie@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
    C:\Documents and Settings\Jamie\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Jamie\Cookies\jamie@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
    C:\Documents and Settings\Jamie\Cookies\jamie@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
    C:\Documents and Settings\Jamie\Cookies\[email protected][2].txt -> TrackingCookie.Mx-targeting : Cleaned with backup
    C:\Documents and Settings\Jamie\Cookies\[email protected]2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Program Files\TBONAS\TBONcomp.dll -> Adware.ActivShopper : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0044093.dll -> Adware.ActivShopper : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP520\A0044157.exe -> Adware.BetterInternet : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP520\A0044158.exe -> Trojan.Stervis.h : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP520\A0044159.dll -> Trojan.Agent.iw : Cleaned with backup
    C:\WINDOWS\bdzjhrfbpb.exe -> Adware.BetterInternet : Cleaned with backup
    C:\WINDOWS\Golden Palace Casino PT setup.exe -> Adware.Casino : Cleaned with backup


    ::Report End
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,897
    I would run ewido again and let it fix the registry entries it found
     
  10. Breakin'Aces

    Breakin'Aces Thread Starter

    Joined:
    May 22, 2006
    Messages:
    26
    Thanks. Other than that, does everything else look ok? And where does this stuff come from? Downloads, or just surfing?
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/469385