1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: I appreciate any help you can give me

Discussion in 'Virus & Other Malware Removal' started by beba, Jul 15, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. beba

    beba Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    22
    Hello, I am beba(Deb). Mine ( my brother) referred me here. He said that you guys are REALLY good. I'm a computer dummy so I may not get this explained right but I'm gonna try.

    i have a pavilian 554e running windows xp. I ran my virus scan last night and when I got up this morning it have found 21 different things. Anyway when it loads nothing is there, everything on my desk top is gone. I can't click on my start key and nothing is in my taskbar. I get a pop up telling me that my rundll thingy failed to load. Then finally my firefox opened all by itself and it has taken me like 2 hours to be able get hijackthis and scan it. Mine said I would need to give that to ya'll. I pulled up task manager and nothing was useing any ucp's(orsomething like that) The only thing was explorer and it was usuing 98 - 99%. I finally ended task on it and now I can type. It keeps opening other pages and I have to hit the back button to get back to finish this. I can't get my taskbar to even pull up now. The only thing on my desktop is my wallpaper. I sure hope somebody can understand what I'm trying to say. lol
    I'm not good at this at all. Anyway here is the copy of the scan log from hijack this:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:46:06 PM, on 7/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\IA\command.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\HijackThis-1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iftqh.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,saburup.exe
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
    O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Clear Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Identities Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
    O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
    O8 - Extra context menu item: Passcards Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
    O8 - Extra context menu item: Reset Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
    O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Safenotes Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Set Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
    O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
    O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
    O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
    O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
    O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
    O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    O9 - Extra button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
    O9 - Extra 'Tools' menuitem: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
    O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
    O9 - Extra 'Tools' menuitem: Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
    O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O9 - Extra button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
    O9 - Extra 'Tools' menuitem: Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
    O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\lv6609jse.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\tpkwks.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    I would really appreciate if any of you could help me out. like I said I am a computer dummy. Thank you VERY MUCH!

    Deb.
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, beba. :)

    Welcome to TSG.

    Your computer has multiple infections. There is a lot of work to do.

    First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

    Lets remove NewDotNet:

    Go to Start > Control Panel > Add or Remove Programs and remove the following:

    New.Net Applications or New.Net Domains (anything that says New.Net)

    If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

    In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

    Download new.netfix.exe by noahdfear. Save the file to your desktop. Double click, then click Start to extract the contents to it's own folder. Open the folder and double click the RunThis.bat file to start the tool. Follow the prompts and post the contents of the new.net.txt file it creates in the folder along with a Hijackthis log.
     
  3. beba

    beba Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    22
    I wnt to add and remove programs and there was nothing with new.net showing. I don't have a floppy disk to do the step 4 yet. I have to get one. I appreciate you being here to help me. Wanted to let you know in case it takes me a little bit to get a floppy to get back to you. Also I needed to ask a question. Can I do this on another user name or in safe mode? Because I can't pull up anything under my user name. I signed in under my sons user profile last night and all his stuff is there but tons of popups.
    Thanks for your help and your patients with me.
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Yes you can run this program on any user's name, as long as the profile has Administrative rights. We need to get rid of New.Net first, as it is the most dangerous infection. You may lose your connection to the Internet.

    Take your time. (y)
     
  5. beba

    beba Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    22
    Ok. Gosh I hope I did this right. lol
    After I did step 4 it said ...A\NNuninstall.exe only part of a ReadProcessMemory or WriteProcessMemory request was completed.

    The the contents of the new.net.txt file was : new.net regsitry key fix

    by noahdfear ©2006

    checking for new.net key

    new.net key present!

    Running new.net fix!

    new.net successfully removed!

    and my new Hijackthis log is;

    Logfile of HijackThis v1.99.1
    Scan saved at 1:22:49 PM, on 7/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\IA\command.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Spyware Nuker\swnxt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Trillian\trillian.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\EYETID~1\EYETID~1\EYETID~1.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\James\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/start.shtml
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iftqh.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,saburup.exe
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
    O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
    O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
    O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
    O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
    O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
    O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
    O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    O9 - Extra button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
    O9 - Extra 'Tools' menuitem: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
    O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
    O9 - Extra 'Tools' menuitem: Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
    O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O9 - Extra button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
    O9 - Extra 'Tools' menuitem: Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\enpul1791.dll
    O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\tpkwks.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    If I managed to do this right I'll be waiting for my next adventurous task. LOL

    Thanks again for your help and patients
     
  6. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, beba :)

    Please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program.

    Click here to download Look2Me-Destroyer.exe and save it to your desktop.

    Close all windows before continuing.

    • Double-click Look2Me-Destroyer.exe to run it.
    • Put a check next to Run this program as a task.
    • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
    • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
    • Once it's done scanning, click the Remove L2M button.
    • You will receive a Done Scanning message, click OK.
    • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    • Your computer will then shutdown.
    • Turn your computer back on.
    Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

    If Look2Me-Destroyer does not reopen automatically, reboot and try again.

    If you receive a message from your firewall about this program accessing the internet please allow it.

    If you receive a runtime error '339' please download MSWINSCK.OCX from here and place it in your C:\Windows\System32 Folder.
     
  7. beba

    beba Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    22
    contents of C:\Look2Me-Destroyer.txt


    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 7/17/2006 6:03:04 PM

    Infected! C:\WINDOWS\system32\dn8601lse.dll
    Infected! C:\WINDOWS\system32\tpkwks.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368780.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368789.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368790.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368791.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368792.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368793.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368794.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368795.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368798.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368804.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368810.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368811.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368813.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368814.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368815.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368816.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368822.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368824.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368825.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368838.dll
    Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368842.dll
    Infected! C:\WINDOWS\system32\abmpvcno.dll
    Infected! C:\WINDOWS\system32\dn8601lse.dll
    Infected! C:\WINDOWS\system32\p4n80e5ueh.dll

    Attempting to delete infected files...

    Attempting to delete: C:\WINDOWS\system32\dn8601lse.dll
    C:\WINDOWS\system32\dn8601lse.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368780.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368780.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368789.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368789.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368790.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368790.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368791.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368791.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368792.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368792.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368793.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368793.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368794.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368794.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368795.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368795.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368798.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368798.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368804.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368804.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368810.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368810.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368811.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368811.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368813.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368813.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368814.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368814.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368815.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368815.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368816.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368816.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368822.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368822.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368824.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368824.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368825.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368825.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368838.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368838.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368842.dll
    C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP477\A0368842.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\abmpvcno.dll
    C:\WINDOWS\system32\abmpvcno.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\dn8601lse.dll
    C:\WINDOWS\system32\dn8601lse.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\p4n80e5ueh.dll
    C:\WINDOWS\system32\p4n80e5ueh.dll Deleted successfully!

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce
    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{20A2E2AE-4630-4EEC-889F-E71B33E14730}"
    HKCR\Clsid\{20A2E2AE-4630-4EEC-889F-E71B33E14730}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2969F9FB-6607-4258-9A36-3DC61BF3DA76}"
    HKCR\Clsid\{2969F9FB-6607-4258-9A36-3DC61BF3DA76}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A52A7EA7-F5DE-471C-8D25-5DE960AF73B3}"
    HKCR\Clsid\{A52A7EA7-F5DE-471C-8D25-5DE960AF73B3}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F5E73734-C634-480F-A8EB-9A2BBE692F7E}"
    HKCR\Clsid\{F5E73734-C634-480F-A8EB-9A2BBE692F7E}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{38CED7C7-C291-4222-8CD7-C8B1729BD4C9}"
    HKCR\Clsid\{38CED7C7-C291-4222-8CD7-C8B1729BD4C9}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded

    new HiJackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 6:22:39 PM, on 7/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\IA\command.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\James\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/start.shtml
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iftqh.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,saburup.exe
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
    O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
    O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
    O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
    O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
    O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
    O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
    O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    O9 - Extra button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
    O9 - Extra 'Tools' menuitem: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
    O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
    O9 - Extra 'Tools' menuitem: Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
    O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O9 - Extra button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
    O9 - Extra 'Tools' menuitem: Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  8. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, beba :)

    Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

    Download Brute Force Uninstaller to your desktop.
    • Right click the file on your Desktop, and choose Extract All.
    • Click Next.
    • In the box to choose where to extract the files to:
    • Click Browse.
    • Click on the + sign next to My Computer
    • Click on Local Disk (C: ) or whatever your primary drive is.
    • Click Make New Folder
    • Type in BFU
    • Click Next, and uncheck the Show Extracted Files box and then click Finish.
    Download sidekickFix.bat (rightclick on that link and choose save as)
    • Place sidekickFix.bat in your C:\BFU - folder. (Important!)
    Download qoofix.bat (rightclick on this link and choose save as)
    • Place qoofix.bat in your C:BFU - folder. (Important!)
    • Close all browsers and explorer folders.
      • Navigate to the C:\BFU folder
      • Double-click on sidekickFix.bat
      • Click Yes and follow the prompts, when prompted to restart the PC please do so.
      • Navigate back to the C:\BFU folder
      • Doubleclick qooFix.bat, Close all browsers and explorer folders.
      • Choose option 1 (Qoolfix autofix) and follow the prompts.
      • Please be patient, it will take about five minutes.
    • After the PC has restarted please continue with the following.
    Download CWShredder here to its own folder.

    Update CWShredder

    * Open CWShredder and click I AGREE
    * Click Check For Update
    * Close CWShredder

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Please download ewido anti-spyware from HERE and save that file to your desktop. This is a 30 day trial of the program
    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need run ewido and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
    4. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    5. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    7. Under "Reports"
    8. Select "Automatically generate report after every scan"
    9. Un-Select "Only if threats were found"
    10. DO NOT run a scan yet. You will do that later in safe mode.

    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Perform the following steps in safe mode:

    Run the CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

    Close the Shredder.

    • Lauch Ewido-anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close ewido.

    Note: DO NOT USE the computer while Ewido is scanning. If Explorer or the Control Panel are opened some malware types will reinfect your system or will not be cleaned properly.

    Restart back into Windows normally now.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post a fresh Hijackthis log along with the Ewido and ActiveScan reports.
     
  9. beba

    beba Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    22
    I got down to the qoofix.bat part and it said the page is not found anymore. What should I do now?
    Sorry for the trouble
     
  10. rsmine

    rsmine

    Joined:
    Jun 4, 2005
    Messages:
    23
    I don't know why you had a problem with it beba, I just grabbed it without incident.
    Check you email.
     
  11. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, beba :)

    Please skip that part and continue with the rest.
     
  12. beba

    beba Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    22
    Ok it said my post was too long, lol. So I'm gonna have to post in a few parts parts. Here is part 1


    Ewido Scan:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:19:21 PM 7/18/2006

    + Scan result:



    C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Adware.180Solutions : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Adware.180Solutions : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3896645678-1163315259-4202585301-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3896645678-1163315259-4202585301-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3896645678-1163315259-4202585301-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator.BEBAS.001\Local Settings\Temporary Internet Files\Content.IE5\CZW1034F\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator.BEBAS.001\Local Settings\Temporary Internet Files\Content.IE5\U705QNIP\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
    C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
    C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\Program Files\TBONBin\TBONUnst.htm -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\Program Files\SpongeBob SquarePants Krabby Quest\bfgt_silent_en.exe/nickarcade.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\WINDOWS\cfg32.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\cfg32a.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\cfg32o.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\stub_sca3.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_329_0_0_106800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_329_0_0_107400.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_329_1_0_449200.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_329_1_0_454300.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_329_2_0_106800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_329_2_0_107400.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_329_3_0_106800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_329_3_0_107400.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\kxkc31e3.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3896645678-1163315259-4202585301-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85A77577-A8CA-41B7-AA1E-DDAD4C0B12B1} -> Adware.LinkMaker : Cleaned with backup (quarantined).
    C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\Program Files\filesubmit\423.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\Program Files\filesubmit\dearnhardt03.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CLSID -> Adware.PowerStrip : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CurVer -> Adware.PowerStrip : Cleaned with backup (quarantined).
    C:\Documents and Settings\James\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\James\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\James\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\James\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\James\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\James\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Eyetide Media\Eyetide Viewer\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\filesubmit\dearnhardt03.zip\SetupInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\ToolBar888\MyToolBar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
    C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Adware.SurfSide : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3896645678-1163315259-4202585301-1006\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3896645678-1163315259-4202585301-1006\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CLSID -> Adware.Zango : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CurVer -> Adware.Zango : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe -> Backdoor.Agent.abc : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\My Documents\Files\Photoshop plug ins\212 Adobe Photoshop Plugins\212 Adobe Photoshop Plugins.part45.rar/212 Adobe Photoshop Plugins\Auto FX AutoFX Studio Bundle Pro 2.0\CRACK\autofx studio.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\My Documents\Files\Photoshop plug ins\212 Adobe Photoshop Plugins\212 Adobe Photoshop Plugins.part45.rar/212 Adobe Photoshop Plugins\Auto FX AutoFX Studio Bundle Pro 2.0\CRACK\autofxplug patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\My Documents\Files\Photoshop plug ins\234 Photoshop Plug-ins\234 Photoshop plugins.part042.rar/234 Photoshop plugins\Panopticum All in 1 One Pack\Panopticum Alpha Strip v1.1\Panopticum AlphaStrip V1.1 Full-Crack.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
    C:\nwnmad_5.exe -> Downloader.Adload.ca : Cleaned with backup (quarantined).
    C:\wd7gi8nnew.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\w19557a3.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\ac3_0003.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
    C:\626_101new.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Desktop\AiRoboForm-Portable.exe -> Dropper.Delf.yb : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Desktop\airoboform-portable.rar/AiRoboForm-Portable.exe -> Dropper.Delf.yb : Cleaned with backup (quarantined).
    C:\WINDOWS\v1201.exe -> Hijacker.Small : Cleaned with backup (quarantined).
    C:\dfndrad_5.exe -> Hijacker.VB.nh : Cleaned with backup (quarantined).
    :mozilla.10:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.11:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.12:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.13:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.14:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.15:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.16:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.96:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.7search : Cleaned with backup (quarantined).
    :mozilla.97:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.7search : Cleaned with backup (quarantined).
    :mozilla.133:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
    :mozilla.134:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
    :mozilla.135:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
    :mozilla.136:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
    :mozilla.137:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
    :mozilla.138:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
    :mozilla.139:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
    :mozilla.140:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
    :mozilla.141:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
    :mozilla.142:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
    :mozilla.143:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
    :mozilla.144:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
    :mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.774:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.77:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
    :mozilla.662:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
    :mozilla.663:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
    :mozilla.18:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.19:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.475:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.476:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.477:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.478:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.479:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.480:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.122:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
    :mozilla.124:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
    :mozilla.11:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.58:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.59:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.60:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.61:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.20:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.68:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.95:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.119:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    :mozilla.123:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
    :mozilla.461:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
    :mozilla.118:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.121:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.18:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
    :mozilla.62:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
    :mozilla.664:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.151:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
    :mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    :mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    :mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    :mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    :mozilla.37:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    :mozilla.73:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    :mozilla.93:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    :mozilla.211:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    :mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.21:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.22:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.23:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
     
  13. beba

    beba Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    22
    Part 2 still the ewido report:

    :mozilla.543:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.544:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.545:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.546:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.547:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.54:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.55:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.56:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.57:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.58:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.59:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.60:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.61:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.167:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.161:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
    :mozilla.253:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
    :mozilla.254:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
    :mozilla.7:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
    :mozilla.8:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
    :mozilla.100:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.208:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.99:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.42:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
    :mozilla.43:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
    :mozilla.187:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.188:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.227:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.228:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.229:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.25:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.26:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.27:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.28:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.158:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    :mozilla.101:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.154:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.169:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.170:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.171:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.172:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.156:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    :mozilla.157:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    :mozilla.126:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
    :mozilla.165:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    :mozilla.409:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    :mozilla.410:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    :mozilla.411:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    :mozilla.412:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    :mozilla.413:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    :mozilla.29:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.30:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.31:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
    :mozilla.590:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.592:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.593:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.594:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.595:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.625:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    :mozilla.626:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    :mozilla.627:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    :mozilla.628:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    :mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.53:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.64:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.470:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.54:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.55:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.89:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.90:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.91:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.92:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.93:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.79:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).
    :mozilla.16:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.17:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.18:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.19:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.24:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.25:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.26:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.27:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.45:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.46:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.47:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.48:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.49:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.50:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.51:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.52:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.69:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.10:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt ->
     
  14. beba

    beba Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    22
    part 3 still the Ewido Report:

    TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.13:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.14:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.15:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.16:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.17:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.20:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.28:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovwauf08.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.72:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator.BEBAS.001\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14xyiw8r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.32:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.33:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.34:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.35:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.36:C:\Documents and Settings\Administrator.BEBAS.001\Application Data\Mozilla\Firefox\Profiles\2ecje6ak.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.86:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.87:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\rg9ubz1f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\My Documents\set up files\dnm31.zip/Trillian Pro v3.1 Build 121 Final Package (2005-02-25)/Trillian Pro v3 Generic Patch -SND/patch.exe -> Trojan.Agent.jh : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\My Documents\set up files\incredimail set up\05.05.e-Lunatic.info.Incredimail.Generic.Crack.zip/crack.exe -> Trojan.Agent.jh : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\My Documents\set up files\incredimail set up\crack.exe -> Trojan.Agent.jh : Cleaned with backup (quarantined).
    C:\Program Files\Trillian\patch.exe -> Trojan.Agent.jh : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\{744584CC-0681-1033-1216-020409020001}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
     
  15. beba

    beba Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    22
    part 4 ActiveScan Report:


    ActiveScan report:


    Incident Status Location

    Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
    Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Ssk.log
    Adware:adware/dollarrevenue Not disinfected c:\windows\drsmartload2.dat
    Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
    Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
    Adware:adware/maxifiles Not disinfected c:\program files\ToolBar888
    Potentially unwanted tool:application/zango Not disinfected c:\documents and settings\all users\start menu\programs\Zango
    Spyware:spyware/new.net Not disinfected Windows Registry
    Adware:adware/powerscan Not disinfected Windows Registry
    Adware:adware/surfaccuracy Not disinfected Windows Registry
    Adware:adware/sqwire Not disinfected Windows Registry
    Adware:adware/bookedspace Not disinfected Windows Registry
    Adware:adware/powerstrip Not disinfected Windows Registry
    Adware:adware/savenow Not disinfected Windows Registry
    Adware:adware/sidesearch Not disinfected Windows Registry
    Adware:adware/activshopper Not disinfected Windows Registry
    Adware:adware/stiebar Not disinfected Windows Registry
    Adware:adware/ist.istbar Not disinfected Windows Registry
    Adware:adware/ncase Not disinfected Windows Registry
    Adware:adware/gator Not disinfected Windows Registry
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator.BEBAS.001\Cookies\[email protected][2].txt
    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Administrator.BEBAS.001\Cookies\[email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator.BEBAS.001\Cookies\[email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator.BEBAS.001\Cookies\[email protected][2].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Administrator.BEBAS.001\Cookies\[email protected][1].txt








    HiJackThis Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:54:06 PM, on 7/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\James\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iftqh.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,saburup.exe
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
    O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
    O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
    O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
    O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
    O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
    O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
    O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
    O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    O9 - Extra button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
    O9 - Extra 'Tools' menuitem: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
    O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
    O9 - Extra 'Tools' menuitem: Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
    O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O9 - Extra button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
    O9 - Extra 'Tools' menuitem: Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    Thanks again JSntgRvr. And thanks little brother(Rsmine) for trying to help too.This thing must be full of bad stuff. But it is working. :) I have my desktop icons back on my user desktop. I'll be checking back for the next step.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/483549

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice