Solved: I appreciate any help you can give me

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

beba

Thread Starter
Joined
Jun 4, 2005
Messages
22
Hello, I am beba(Deb). Mine ( my brother) referred me here. He said that you guys are REALLY good. I'm a computer dummy so I may not get this explained right but I'm gonna try.

i have a pavilian 554e running windows xp. I ran my virus scan last night and when I got up this morning it have found 21 different things. Anyway when it loads nothing is there, everything on my desk top is gone. I can't click on my start key and nothing is in my taskbar. I get a pop up telling me that my rundll thingy failed to load. Then finally my firefox opened all by itself and it has taken me like 2 hours to be able get hijackthis and scan it. Mine said I would need to give that to ya'll. I pulled up task manager and nothing was useing any ucp's(orsomething like that) The only thing was explorer and it was usuing 98 - 99%. I finally ended task on it and now I can type. It keeps opening other pages and I have to hit the back button to get back to finish this. I can't get my taskbar to even pull up now. The only thing on my desktop is my wallpaper. I sure hope somebody can understand what I'm trying to say. lol
I'm not good at this at all. Anyway here is the copy of the scan log from hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 9:46:06 PM, on 7/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\HijackThis-1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iftqh.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,saburup.exe
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Clear Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: Passcards Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Reset Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Safenotes Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Set Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O9 - Extra 'Tools' menuitem: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O9 - Extra 'Tools' menuitem: Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\lv6609jse.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\tpkwks.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I would really appreciate if any of you could help me out. like I said I am a computer dummy. Thank you VERY MUCH!

Deb.
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, beba. :)

Welcome to TSG.

Your computer has multiple infections. There is a lot of work to do.

First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

Lets remove NewDotNet:

Go to Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

Download new.netfix.exe by noahdfear. Save the file to your desktop. Double click, then click Start to extract the contents to it's own folder. Open the folder and double click the RunThis.bat file to start the tool. Follow the prompts and post the contents of the new.net.txt file it creates in the folder along with a Hijackthis log.
 

beba

Thread Starter
Joined
Jun 4, 2005
Messages
22
I wnt to add and remove programs and there was nothing with new.net showing. I don't have a floppy disk to do the step 4 yet. I have to get one. I appreciate you being here to help me. Wanted to let you know in case it takes me a little bit to get a floppy to get back to you. Also I needed to ask a question. Can I do this on another user name or in safe mode? Because I can't pull up anything under my user name. I signed in under my sons user profile last night and all his stuff is there but tons of popups.
Thanks for your help and your patients with me.
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
beba said:
I wnt to add and remove programs and there was nothing with new.net showing. I don't have a floppy disk to do the step 4 yet. I have to get one. I appreciate you being here to help me. Wanted to let you know in case it takes me a little bit to get a floppy to get back to you. Also I needed to ask a question. Can I do this on another user name or in safe mode? Because I can't pull up anything under my user name. I signed in under my sons user profile last night and all his stuff is there but tons of popups.
Thanks for your help and your patients with me.
Yes you can run this program on any user's name, as long as the profile has Administrative rights. We need to get rid of New.Net first, as it is the most dangerous infection. You may lose your connection to the Internet.

Take your time. (y)
 

beba

Thread Starter
Joined
Jun 4, 2005
Messages
22
Ok. Gosh I hope I did this right. lol
After I did step 4 it said ...A\NNuninstall.exe only part of a ReadProcessMemory or WriteProcessMemory request was completed.

The the contents of the new.net.txt file was : new.net regsitry key fix

by noahdfear ©2006

checking for new.net key

new.net key present!

Running new.net fix!

new.net successfully removed!

and my new Hijackthis log is;

Logfile of HijackThis v1.99.1
Scan saved at 1:22:49 PM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\EYETID~1\EYETID~1\EYETID~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\James\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/start.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iftqh.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,saburup.exe
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O9 - Extra 'Tools' menuitem: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O9 - Extra 'Tools' menuitem: Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\enpul1791.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\tpkwks.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

If I managed to do this right I'll be waiting for my next adventurous task. LOL

Thanks again for your help and patients
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, beba :)

Please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program.

Click here to download Look2Me-Destroyer.exe and save it to your desktop.

Close all windows before continuing.

  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from here and place it in your C:\Windows\System32 Folder.
 

beba

Thread Starter
Joined
Jun 4, 2005
Messages
22
contents of C:\Look2Me-Destroyer.txt


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 7/17/2006 6:03:04 PM

Infected! C:\WINDOWS\system32\dn8601lse.dll
Infected! C:\WINDOWS\system32\tpkwks.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368780.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368789.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368790.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368791.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368792.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368793.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368794.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368795.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368798.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368804.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368810.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368811.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368813.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368814.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368815.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368816.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368822.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368824.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368825.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368838.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368842.dll
Infected! C:\WINDOWS\system32\abmpvcno.dll
Infected! C:\WINDOWS\system32\dn8601lse.dll
Infected! C:\WINDOWS\system32\p4n80e5ueh.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\dn8601lse.dll
C:\WINDOWS\system32\dn8601lse.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368780.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368780.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368789.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368789.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368790.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368790.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368791.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368791.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368792.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368792.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368793.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368793.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368794.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368794.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368795.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368795.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368798.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368798.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368804.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368804.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368810.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368810.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368811.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368811.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368813.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368813.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368814.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368814.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368815.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368815.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368816.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368816.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368822.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368822.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368824.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368824.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368825.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368825.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368838.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368838.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368842.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368842.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\abmpvcno.dll
C:\WINDOWS\system32\abmpvcno.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dn8601lse.dll
C:\WINDOWS\system32\dn8601lse.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\p4n80e5ueh.dll
C:\WINDOWS\system32\p4n80e5ueh.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{20A2E2AE-4630-4EEC-889F-E71B33E14730}"
HKCR\Clsid\{20A2E2AE-4630-4EEC-889F-E71B33E14730}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2969F9FB-6607-4258-9A36-3DC61BF3DA76}"
HKCR\Clsid\{2969F9FB-6607-4258-9A36-3DC61BF3DA76}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A52A7EA7-F5DE-471C-8D25-5DE960AF73B3}"
HKCR\Clsid\{A52A7EA7-F5DE-471C-8D25-5DE960AF73B3}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F5E73734-C634-480F-A8EB-9A2BBE692F7E}"
HKCR\Clsid\{F5E73734-C634-480F-A8EB-9A2BBE692F7E}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{38CED7C7-C291-4222-8CD7-C8B1729BD4C9}"
HKCR\Clsid\{38CED7C7-C291-4222-8CD7-C8B1729BD4C9}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

new HiJackThis log

Logfile of HijackThis v1.99.1
Scan saved at 6:22:39 PM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\James\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/start.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iftqh.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,saburup.exe
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O9 - Extra 'Tools' menuitem: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O9 - Extra 'Tools' menuitem: Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, beba :)

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Download Brute Force Uninstaller to your desktop.
  • Right click the file on your Desktop, and choose Extract All.
  • Click Next.
  • In the box to choose where to extract the files to:
  • Click Browse.
  • Click on the + sign next to My Computer
  • Click on Local Disk (C: ) or whatever your primary drive is.
  • Click Make New Folder
  • Type in BFU
  • Click Next, and uncheck the Show Extracted Files box and then click Finish.
Download sidekickFix.bat (rightclick on that link and choose save as)
  • Place sidekickFix.bat in your C:\BFU - folder. (Important!)
Download qoofix.bat (rightclick on this link and choose save as)
  • Place qoofix.bat in your C:BFU - folder. (Important!)
  • Close all browsers and explorer folders.
    • Navigate to the C:\BFU folder
    • Double-click on sidekickFix.bat
    • Click Yes and follow the prompts, when prompted to restart the PC please do so.
    • Navigate back to the C:\BFU folder
    • Doubleclick qooFix.bat, Close all browsers and explorer folders.
    • Choose option 1 (Qoolfix autofix) and follow the prompts.
    • Please be patient, it will take about five minutes.
  • After the PC has restarted please continue with the following.
Download CWShredder here to its own folder.

Update CWShredder

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download ewido anti-spyware from HERE and save that file to your desktop. This is a 30 day trial of the program
  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
  4. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  5. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  7. Under "Reports"
  8. Select "Automatically generate report after every scan"
  9. Un-Select "Only if threats were found"
  10. DO NOT run a scan yet. You will do that later in safe mode.

Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Perform the following steps in safe mode:

Run the CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Close the Shredder.

  • Lauch Ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido.

Note: DO NOT USE the computer while Ewido is scanning. If Explorer or the Control Panel are opened some malware types will reinfect your system or will not be cleaned properly.

Restart back into Windows normally now.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post a fresh Hijackthis log along with the Ewido and ActiveScan reports.
 

beba

Thread Starter
Joined
Jun 4, 2005
Messages
22
I got down to the qoofix.bat part and it said the page is not found anymore. What should I do now?
Sorry for the trouble
 
Joined
Jun 4, 2005
Messages
23
I don't know why you had a problem with it beba, I just grabbed it without incident.
Check you email.
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
beba said:
I got down to the qoofix.bat part and it said the page is not found anymore. What should I do now?
Sorry for the trouble
Hi, beba :)

Please skip that part and continue with the rest.
 

beba

Thread Starter
Joined
Jun 4, 2005
Messages
22
Ok it said my post was too long, lol. So I'm gonna have to post in a few parts parts. Here is part 1


Ewido Scan:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:19:21 PM 7/18/2006

+ Scan result:



C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-3896645678-1163315259-4202585301-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-3896645678-1163315259-4202585301-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Cleaned with backup (quarantined).
HKU\S-1-5-21-3896645678-1163315259-4202585301-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.BEBAS.001\Local Settings\Temporary Internet Files\Content.IE5\CZW1034F\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.BEBAS.001\Local Settings\Temporary Internet Files\Content.IE5\U705QNIP\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\TBONBin\TBONUnst.htm -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\SpongeBob SquarePants Krabby Quest\bfgt_silent_en.exe/nickarcade.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\cfg32.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\cfg32a.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\cfg32o.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\stub_sca3.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_329_0_0_106800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_329_0_0_107400.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_329_1_0_449200.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_329_1_0_454300.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_329_2_0_106800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_329_2_0_107400.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_329_3_0_106800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_329_3_0_107400.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kxkc31e3.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-3896645678-1163315259-4202585301-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85A77577-A8CA-41B7-AA1E-DDAD4C0B12B1} -> Adware.LinkMaker : Cleaned with backup (quarantined).
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\423.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\dearnhardt03.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CLSID -> Adware.PowerStrip : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CurVer -> Adware.PowerStrip : Cleaned with backup (quarantined).
C:\Documents and Settings\James\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\James\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\James\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\James\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\James\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\James\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Eyetide Media\Eyetide Viewer\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\dearnhardt03.zip\SetupInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\ToolBar888\MyToolBar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-3896645678-1163315259-4202585301-1006\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-3896645678-1163315259-4202585301-1006\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CLSID -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CurVer -> Adware.Zango : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe -> Backdoor.Agent.abc : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\Files\Photoshop plug ins\212 Adobe Photoshop Plugins\212 Adobe Photoshop Plugins.part45.rar/212 Adobe Photoshop Plugins\Auto FX AutoFX Studio Bundle Pro 2.0\CRACK\autofx studio.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\Files\Photoshop plug ins\212 Adobe Photoshop Plugins\212 Adobe Photoshop Plugins.part45.rar/212 Adobe Photoshop Plugins\Auto FX AutoFX Studio Bundle Pro 2.0\CRACK\autofxplug patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\Files\Photoshop plug ins\234 Photoshop Plug-ins\234 Photoshop plugins.part042.rar/234 Photoshop plugins\Panopticum All in 1 One Pack\Panopticum Alpha Strip v1.1\Panopticum AlphaStrip V1.1 Full-Crack.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\nwnmad_5.exe -> Downloader.Adload.ca : Cleaned with backup (quarantined).
C:\wd7gi8nnew.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w19557a3.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\ac3_0003.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\626_101new.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\AiRoboForm-Portable.exe -> Dropper.Delf.yb : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\airoboform-portable.rar/AiRoboForm-Portable.exe -> Dropper.Delf.yb : Cleaned with backup (quarantined).
C:\WINDOWS\v1201.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\dfndrad_5.exe -> Hijacker.VB.nh : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.7search : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.7search : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.774:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.662:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.663:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.475:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.476:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.477:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.478:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.479:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.480:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.461:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.664:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
 

beba

Thread Starter
Joined
Jun 4, 2005
Messages
22
Part 2 still the ewido report:

:mozilla.543:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.544:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.545:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.546:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.547:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.409:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.410:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.411:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.412:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.413:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
:mozilla.590:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.592:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.593:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.594:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.595:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.625:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.626:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.627:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.628:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.470:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt ->
 

beba

Thread Starter
Joined
Jun 4, 2005
Messages
22
part 3 still the Ewido Report:

TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.BEBAS.001\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\set up files\dnm31.zip/Trillian Pro v3.1 Build 121 Final Package (2005-02-25)/Trillian Pro v3 Generic Patch -SND/patch.exe -> Trojan.Agent.jh : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\set up files\incredimail set up\05.05.e-Lunatic.info.Incredimail.Generic.Crack.zip/crack.exe -> Trojan.Agent.jh : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\set up files\incredimail set up\crack.exe -> Trojan.Agent.jh : Cleaned with backup (quarantined).
C:\Program Files\Trillian\patch.exe -> Trojan.Agent.jh : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{744584CC-0681-1033-1216-020409020001}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
 

beba

Thread Starter
Joined
Jun 4, 2005
Messages
22
part 4 ActiveScan Report:


ActiveScan report:


Incident Status Location

Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/dollarrevenue Not disinfected c:\windows\drsmartload2.dat
Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Adware:adware/maxifiles Not disinfected c:\program files\ToolBar888
Potentially unwanted tool:application/zango Not disinfected c:\documents and settings\all users\start menu\programs\Zango
Spyware:spyware/new.net Not disinfected Windows Registry
Adware:adware/powerscan Not disinfected Windows Registry
Adware:adware/surfaccuracy Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/bookedspace Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/sidesearch Not disinfected Windows Registry
Adware:adware/activshopper Not disinfected Windows Registry
Adware:adware/stiebar Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/gator Not disinfected Windows Registry
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator.BEBAS.001\Cookies\[email protected][2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Administrator.BEBAS.001\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator.BEBAS.001\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator.BEBAS.001\Cookies\[email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Administrator.BEBAS.001\Cookies\[email protected][1].txt








HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:54:06 PM, on 7/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\James\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iftqh.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,saburup.exe
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O9 - Extra 'Tools' menuitem: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O9 - Extra 'Tools' menuitem: Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Thanks again JSntgRvr. And thanks little brother(Rsmine) for trying to help too.This thing must be full of bad stuff. But it is working. :) I have my desktop icons back on my user desktop. I'll be checking back for the next step.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top