NAV let one in


tlfmd

Thread Starter
Joined
May 17, 2003
Messages
32
Found a trojan that Norton Internet Security Spyware Edition 2005 let in yesterday morning, despite settings to protect. Their website instructions apparently do not apply or do not work (4 hours of restarts etc.)
trojan.adclicker
it won't or can't delete (access denied). (1.tmp in temp files)
The flag comes up at the most unfortunate times and when I go to the quarantine, there might be 4 copies..
Hijack this reports:
Logfile of HijackThis v1.99.1
Scan saved at 12:25:26 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\WINDOWS\System32\cisvc.exe
F:\Program Files\Norton Internet Security\ISSVC.exe
F:\WINDOWS\system32\drivers\KodakCCS.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\System32\ScsiAccess.EXE
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\system32\atiptaxx.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Microsoft Hardware\Mouse\point32.exe
F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\482.tmp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\CalCheck.exe
F:\Program Files\PrintKey2000\Printkey2000.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\WINDOWS\system32\cidaemon.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
F:\Program Files\Spyware Cleaner\SpywareCleaner.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] f:\program files\ChkFont.exe
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LDM] F:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [482.tmp] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\482.tmp.exe
O4 - HKLM\..\Run: [483.tmp] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\483.tmp.exe
O4 - HKLM\..\Run: [482.tmp.exe] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\482.tmp.exe
O4 - HKLM\..\Run: [483.tmp.exe] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\483.tmp.exe
O4 - HKLM\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "F:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: ATI CATALYST System Tray.lnk = F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = F:\Program Files\CalCheck.exe
O4 - Global Startup: Printkey2000.lnk = F:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A341AF3-2295-48AC-94D4-38061E68B709} (ICViewerLaunch Control) - https://216.110.212.186/InteleViewer/cviewer_install.cab
O20 - Winlogon Notify: WRNotifier - F:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GearSecurity - GEAR Software - F:\WINDOWS\system32\gearsec.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - F:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - F:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - F:\Program Files\Spyware Cleaner\SCService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
HiJackThis is running from a temp directory and must be moved to run correctly

Get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double click the DL file and click UNZIP letting it extract to its default folder C:\Program Files\HiJackThis, run it from there
===========
DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries
===========
Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
 

tlfmd

Thread Starter
Joined
May 17, 2003
Messages
32
Hijack this is on my C: drive, my windows/primary drive is F: (where all the temp folders are)
 
Joined
Sep 7, 2004
Messages
49,014
This says it's in a temp folder

F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

Do as instructed
 

tlfmd

Thread Starter
Joined
May 17, 2003
Messages
32
"Search" says it is in F:\WINDOWS\prefetch... so where am I wrong?
HIJACKTHIS.EXE-05D466DE.pf
 

tlfmd

Thread Starter
Joined
May 17, 2003
Messages
32
If I look in C:\download updates\utilities\spyware
there it is.. HijackThis.exe

what's going on?
 

tlfmd

Thread Starter
Joined
May 17, 2003
Messages
32
OK, Huh..
maybe this'll help you help me..
...
Logfile of HijackThis v1.99.1
Scan saved at 9:49:53 AM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\WINDOWS\System32\cisvc.exe
F:\Program Files\Norton Internet Security\ISSVC.exe
F:\WINDOWS\system32\drivers\KodakCCS.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\System32\ScsiAccess.EXE
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\cidaemon.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\system32\atiptaxx.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\Program Files\Microsoft Hardware\Mouse\point32.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\CalCheck.exe
F:\Program Files\PrintKey2000\Printkey2000.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] f:\program files\ChkFont.exe
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LDM] F:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [482.tmp] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\482.tmp.exe
O4 - HKLM\..\Run: [483.tmp] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\483.tmp.exe
O4 - HKLM\..\Run: [482.tmp.exe] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\482.tmp.exe
O4 - HKLM\..\Run: [483.tmp.exe] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\483.tmp.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "F:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: ATI CATALYST System Tray.lnk = F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = F:\Program Files\CalCheck.exe
O4 - Global Startup: Printkey2000.lnk = F:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A341AF3-2295-48AC-94D4-38061E68B709} (ICViewerLaunch Control) - https://216.110.212.186/InteleViewer/cviewer_install.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GearSecurity - GEAR Software - F:\WINDOWS\system32\gearsec.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - F:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - F:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
You appear to have ignored the rest of post #2 – Run Ewido and Easy Cleaner as requested.

Fix these with HJT – mark them, close IE, click fix checked

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [482.tmp] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\482.tmp.exe

O4 - HKLM\..\Run: [483.tmp] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\483.tmp.exe

O4 - HKLM\..\Run: [482.tmp.exe] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\482.tmp.exe

O4 - HKLM\..\Run: [483.tmp.exe] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\483.tmp.exe



START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
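
The two checks made by hand in this thread (HijackThis itself running out of a temp directory, and O4 autostart entries whose target sits under `Temp`) can be automated over a saved log. The following is an added example, not part of the original posts and not HijackThis's own code; the function names and the set of executable extensions are assumptions, and the sample is an abbreviated excerpt of the first log posted above.

```python
import re
from collections import namedtuple

# Abbreviated excerpt of the first log posted in this thread (lines copied
# from the page; most entries omitted for brevity).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:25:26 PM, on 12/31/2005

Running processes:
F:\WINDOWS\Explorer.EXE
F:\Program Files\QuickTime\qttask.exe
F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\482.tmp.exe
F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [482.tmp] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\482.tmp.exe
O4 - HKLM\..\Run: [483.tmp.exe] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\483.tmp.exe
O4 - Global Startup: Printkey2000.lnk = F:\Program Files\PrintKey2000\Printkey2000.exe
"""

# O4 registry autostarts, e.g.  O4 - HKLM\..\Run: [name] command
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# O4 startup-folder shortcuts, e.g.  O4 - Global Startup: x.lnk = target
STARTUP_ENTRY = re.compile(
    r"^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$"
)
# A path component named Temp or Tmp (covers ...\LOCALS~1\Temp\ and \WINDOWS\Temp\).
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# Assumed list of extensions used to cut an unquoted command line at the binary.
EXE_END = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)

Finding = namedtuple("Finding", "kind source path")


def executable_of(cmd):
    """Return the program path from an autostart command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXE_END.match(cmd)
    return match.group(1) if match else cmd


def analyse(log_text):
    """Flag running processes and O4 autostarts that live in a temp directory."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:  # a blank line ends the process section
                in_processes = False
                continue
            if TEMP_DIR.search(line):
                # The scanner running from an unpacked-zip temp folder is the
                # condition the helper asked to correct before trusting the log.
                is_tool = line.lower().endswith("\\hijackthis.exe")
                kind = "tool-in-temp" if is_tool else "process-in-temp"
                findings.append(Finding(kind, "Running processes", line))
            continue
        match = RUN_ENTRY.match(line) or STARTUP_ENTRY.match(line)
        if not match:
            continue
        fields = match.groupdict()
        path = executable_of(fields["cmd"])
        if TEMP_DIR.search(path):
            if "hive" in fields:
                source = "{hive}\\..\\{key} [{name}]".format(**fields)
            else:
                source = "{scope}: {name}".format(**fields)
            findings.append(Finding("autostart-in-temp", source, path))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print("{:<18} {:<28} {}".format(*finding))
```

A flagged autostart only means the Run value points into a temp directory; clearing the value and deleting the file are separate steps, which is why the instructions above pair "fix checked" with emptying %temp%.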
 

tlfmd

Thread Starter
Joined
May 17, 2003
Messages
32
OK>>>
Busy week, and it has been that way..
Done and done

Logfile of HijackThis v1.99.1
Scan saved at 5:46:06 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\WINDOWS\System32\cisvc.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\Program Files\Norton Internet Security\ISSVC.exe
F:\WINDOWS\system32\drivers\KodakCCS.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\System32\ScsiAccess.EXE
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\system32\atiptaxx.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Microsoft Hardware\Mouse\point32.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\CalCheck.exe
F:\Program Files\PrintKey2000\Printkey2000.exe
F:\WINDOWS\system32\SNDVOL32.EXE
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] f:\program files\ChkFont.exe
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LDM] F:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [482.tmp] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\482.tmp.exe
O4 - HKLM\..\Run: [483.tmp] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\483.tmp.exe
O4 - HKLM\..\Run: [482.tmp.exe] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\482.tmp.exe
O4 - HKLM\..\Run: [483.tmp.exe] F:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\483.tmp.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "F:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: ATI CATALYST System Tray.lnk = F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = F:\Program Files\CalCheck.exe
O4 - Global Startup: Printkey2000.lnk = F:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A341AF3-2295-48AC-94D4-38061E68B709} (ICViewerLaunch Control) - https://216.110.212.186/InteleViewer/cviewer_install.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GearSecurity - GEAR Software - F:\WINDOWS\system32\gearsec.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - F:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - F:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

and ewido will follow in note #2
::Report End

I now go back to delete those tmp.exe's
I'll be back after I also have time to see if the ads come back
 

tlfmd

Thread Starter
Joined
May 17, 2003
Messages
32
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:38:25 PM, 1/7/2006
+ Report-Checksum: 5F66CE69

+ Scan result:

C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Hyperbanner : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][3].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][4].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][6].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][3].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\RECYCLED\Dc1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLED\Dc2.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLED\Dc3.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLED\Dc5.txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\RECYCLED\Dc6.txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\RECYCLED\Dc15.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\RECYCLED\Dc16.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\RECYCLED\Dc17.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\RECYCLED\Dc21.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
F:\Documents and Settings\annamarie\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
F:\Documents and Settings\annamarie\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
F:\Documents and Settings\annamarie\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
F:\Documents and Settings\annamarie\Cookies\[email protected][2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
F:\Documents and Settings\annamarie\Cookies\[email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
F:\Documents and Settings\annamarie\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
F:\Documents and Settings\annamarie\Cookies\[email protected][2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
F:\Documents and Settings\annamarie\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
F:\Documents and Settings\annamarie\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
F:\Documents and Settings\annamarie\Cookies\annama[email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
F:\Documents and Settings\barbara\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
F:\Documents and Settings\caitlin\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\caitlin\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
F:\Documents and Settings\caitlin\Cookies\[email protected][1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
F:\Documents and Settings\caitlin\Cookies\[email protected][2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
F:\Documents and Settings\caitlin\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\caitlin\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
F:\Documents and Settings\caitlin\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
F:\Documents and Settings\marianne\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected]-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Estat : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
F:\Documents and Settings\thomas l farney\Cookies\thomas l [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df24.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df40.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df41.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df43.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df44.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df45.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df46.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df47.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df48.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df49.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df50.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df51.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df52.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df53.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df54.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df55.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df56.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df57.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df58.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df59.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df60.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df61.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df66.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df7.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df70.tmp -> Trojan.Small.ga : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df71.tmp -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
F:\RECYCLER\S-1-5-21-776561741-842925246-1343024091-1003\Df73.exe -> Trojan.Small.ga : Cleaned with backup
G:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
G:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
G:\Documents and Settings\tom\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
G:\Documents and Settings\tom\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
G:\Documents and Settings\tom\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
G:\Documents and Settings\tom\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
G:\Documents and Settings\tom\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.X10 : Cleaned with backup
G:\Documents and Settings\tom\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
G:\Documents and Settings\tom\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected].stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected]2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.X10 : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Estat : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][3].txt -> Spyware.Cookie.Com : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][3].txt -> Spyware.Cookie.2o7 : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Etracker : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][3].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
G:\Documents and Settings\tom\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
G:\Documents and Settings\marianne\Cookies\[email protected][1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
H:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> Downloader.WebP2PInstaller : Cleaned with backup
H:\Program Files\ahead\WAV to MP3 Encoder\SAVEIN~1.EXE -> Adware.SaveNow : Cleaned with backup
H:\Program Files\CD to WAV and MP3 Ripper\SaveInstWm.exe -> Adware.SaveNow : Cleaned with backup
H:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE -> Spyware.MyWay : Cleaned with backup
H:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL -> Spyware.MyWay : Cleaned with backup
H:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Cleaned with backup
H:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Cleaned with backup
H:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\HPPL3VCF\adm4[1].cab/admdloader.dll -> Spyware.Altnet : Cleaned with backup
H:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\HPPL3VCF\adm4[1].cab/admfdi.dll -> Spyware.Altnet : Cleaned with backup
H:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\TROT9S1L\0006[1].cab/ISTactivex.dll -> Downloader.IstBar.s : Cleaned with backup
H:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\2YM0JB3R\0006[1].cab/ISTactivex.dll -> Downloader.IstBar.ag : Cleaned with backup
H:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\2YM0JB3R\0006[2].cab/ISTactivex.dll -> Downloader.IstBar.ag : Cleaned with backup
H:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\QJYJUX6V\0006[1].cab/ISTactivex.dll -> Downloader.IstBar.p : Cleaned with backup
H:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\QQZRH0B3\freegayanalsexmovies-1[1].htm -> Downloader.Inor.a : Cleaned with backup
H:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\QPWZIPI5\0006[1].cab/ISTactivex.dll -> Downloader.IstBar.ag : Cleaned with backup
H:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\ODCRO3SF\0006[1].cab/ISTactivex.dll -> Downloader.IstBar.s : Cleaned with backup
:mozilla.6:H:\Documents and Settings\tom\Application Data\Mozilla\Profiles\default\ntvh9by9.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.7:H:\Documents and Settings\tom\Application Data\Mozilla\Profiles\default\ntvh9by9.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.8:H:\Documents and Settings\tom\Application Data\Mozilla\Profiles\default\ntvh9by9.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.9:H:\Documents and Settings\tom\Application Data\Mozilla\Profiles\default\ntvh9by9.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.10:H:\Documents and Settings\tom\Application Data\Mozilla\Profiles\default\ntvh9by9.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.11:H:\Documents and Settings\tom\Application Data\Mozilla\Profiles\default\ntvh9by9.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.25:H:\Documents and Settings\tom\Application Data\Mozilla\Profiles\default\ntvh9by9.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.26:H:\Documents and Settings\tom\Application Data\Mozilla\Profiles\default\ntvh9by9.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.27:H:\Documents and Settings\tom\Application Data\Mozilla\Profiles\default\ntvh9by9.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
H:\Recycled\Dh137.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
H:\Recycled\Dh162.txt -> Spyware.Cookie.Com : Cleaned with backup
H:\Recycled\Dh163.txt -> Spyware.Cookie.Com : Cleaned with backup
H:\Recycled\Dh164.txt -> Spyware.Cookie.Com : Cleaned with backup
H:\Recycled\Dh165.txt -> Spyware.Cookie.Com : Cleaned with backup
H:\Recycled\Dh166.txt -> Spyware.Cookie.Com : Cleaned with backup
H:\Recycled\Dh182.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
H:\Recycled\Dh213.txt -> Spyware.Cookie.Com : Cleaned with backup
H:\Recycled\Dh214.txt -> Spyware.Cookie.Com : Cleaned with backup
H:\Recycled\Dh273.txt -> Spyware.Cookie.Wegcash : Cleaned with backup
H:\Recycled\Dh318.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
H:\Recycled\Dh341.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
H:\Recycled\Dh440.txt -> Spyware.Cookie.Overture : Cleaned with backup
H:\Recycled\Dh453.txt -> Spyware.Cookie.Overture : Cleaned with backup
H:\Recycled\Dh3.txt -> Spyware.Cookie.2o7 : Cleaned with backup
H:\Recycled\Dh16.txt -> Spyware.Cookie.2o7 : Cleaned with backup
H:\Recycled\Dh17.txt -> Spyware.Cookie.2o7 : Cleaned with backup
H:\Recycled\Dh18.txt -> Spyware.Cookie.2o7 : Cleaned with backup
H:\Recycled\Dh53.txt -> Spyware.Cookie.Hyperbanner : Cleaned with backup
H:\Recycled\Dh546.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
H:\Recycled\Dh625.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
H:\Recycled\Dh649.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
H:\Recycled\Dh753.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
H:\Recycled\Dh899.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
H:\Recycled\Dh900.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
H:\Recycled\Dh1045.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
H:\Recycled\Dh1048.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
H:\Recycled\Dh1049.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
H:\Recycled\Dh1052.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
H:\Recycled\Dh1738.dll -> Spyware.Altnet : Cleaned with backup
H:\Recycled\Dh1740.dll -> Adware.Altnet : Cleaned with backup
H:\Recycled\Dh1743\download manager\dman25.dll -> Adware.BrilliantDigital : Cleaned with backup
H:\Recycled\Dh1743\download manager\dman4.dll -> Spyware.Altnet : Cleaned with backup
H:\Recycled\Dh1743\download manager\dman4.exe -> Spyware.Altnet : Cleaned with backup


I promise I'll learn more adroit ways of posting
 

tlfmd

will have to explore, see if it's gone..
seems they screwed up my PayPal, so hang on a bit while I work through that one

Logfile of HijackThis v1.99.1
Scan saved at 10:38:58 AM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\system32\atiptaxx.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Microsoft Hardware\Mouse\point32.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\CalCheck.exe
F:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\WINDOWS\System32\cisvc.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\Program Files\Norton Internet Security\ISSVC.exe
F:\WINDOWS\system32\drivers\KodakCCS.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\System32\ScsiAccess.EXE
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\System32\wbem\wmiapsrv.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] f:\program files\ChkFont.exe
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LDM] F:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "F:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: ATI CATALYST System Tray.lnk = F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = F:\Program Files\CalCheck.exe
O4 - Global Startup: Printkey2000.lnk = F:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A341AF3-2295-48AC-94D4-38061E68B709} (ICViewerLaunch Control) - https://216.110.212.186/InteleViewer/cviewer_install.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GearSecurity - GEAR Software - F:\WINDOWS\system32\gearsec.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - F:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - F:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 