1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

TrojanDownloader.win32.agent.li????

Discussion in 'Virus & Other Malware Removal' started by talmadge16, Nov 20, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. talmadge16

    talmadge16 Thread Starter

    Joined:
    Nov 20, 2005
    Messages:
    5
    I dont know how to get rid of it. Ive tried other spyware programs but it keeps coming back. Its in my hkey_local_machine\software\ptssa if that helps.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\program files\steam\steam.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
    C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
    C:\PROGRA~1\MOZILL~1\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\bhomod00.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - http://www.peoplepc.com/ppcos/isp60/download/ppcwebi.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130173210450
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130173172415
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  2. illukka

    illukka

    Joined:
    Jun 4, 2005
    Messages:
    34
    hi

    open hijackthis, press do a system scan only.
    checkmark these:

    O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\bhomod00.dll


    then close other programs and explorer windows, until only hijackthis is open on your desktop. '
    and click fix checked

    reboot


    Please download ewido security suite it is a free version of the program.
    1. Install ewido security suite
    2. When installing, under "Additional Options" uncheck..
      • Install background guard
      • Install scan via context menu
    3. Launch ewido, there should be an icon on your desktop, double-click it.
    4. The program will now open to the main screen.
    5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    6. You will need to update ewido to the latest definition files.
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display ("Update successful")
    If you are having problems with the updater, you can use this link to manually update ewido.
    ewido manual updates

    Once the updates are installed do the following:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will be prompted to clean the first infection.
    • Select "Perform action on all infections", then proceed.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.
    Close ewido security suite.

    post the ewido report and a fresh hijackthis log
     
  3. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
  4. talmadge16

    talmadge16 Thread Starter

    Joined:
    Nov 20, 2005
    Messages:
    5
    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 6:38:58 PM, 11/22/2005
    + Report-Checksum: 54947DF3

    + Scan result:

    HKLM\SOFTWARE\Classes\BHOmod.BHOmodObj\CLSID\\ -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\BHOmod.BHOmodObj.1\CLSID\\ -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}\TypeLib\\ -> Spyware.CnsMin : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{205FF73A-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{205FF73A-CA67-11D5-99DD-444553540006}\TypeLib\\ -> Spyware.CnsMin : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{9769272F-6F27-441E-B5A7-D784C10CACE6}\TypeLib\\ -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{09CA52B3-703C-4B17-9690-C13F736E3DCD} -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{205FF72E-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Install.dll\\.Owner -> Spyware.CnsMin : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Install.dll\\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
    HKU\S-1-5-21-823518204-1682526488-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6828CA-9E42-462C-BC60-418C8144012C} -> Dialer.Generic : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Mickelle1\Application Data\Mozilla\Firefox\Profiles\fpifyai9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Mickelle1\Application Data\Mozilla\Firefox\Profiles\fpifyai9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Mickelle1\Application Data\Mozilla\Firefox\Profiles\fpifyai9.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Adviva : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Excite : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][2].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Mickelle1\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Raven\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Son\Application Data\Mozilla\Firefox\Profiles\imy2ibre.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Son\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Son\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Son\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Son\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Son\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Son\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Son\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Son\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Son\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Son\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Son\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.12:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.13:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.15:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.17:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.22:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.24:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.27:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.30:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.31:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.33:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.39:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.47:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    :mozilla.48:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.49:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.53:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.58:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.62:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
    :mozilla.63:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
    :mozilla.70:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.72:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.76:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.78:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.82:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.83:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.84:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.88:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.93:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.97:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.98:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.105:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.107:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.111:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Avitronone\uh2o2zts.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.10:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\AvitronUber\pvdgi7uu.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.11:C:\Program Files\CompuServe
     
  5. talmadge16

    talmadge16 Thread Starter

    Joined:
    Nov 20, 2005
    Messages:
    5
    7.0\gecko\usr\Profiles\AvitronUber\pvdgi7uu.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.12:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\AvitronUber\pvdgi7uu.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.15:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\AvitronUber\pvdgi7uu.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.16:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\AvitronUber\pvdgi7uu.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.28:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\AvitronUber\pvdgi7uu.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    :mozilla.6:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Desprial\ol6wv527.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.7:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Desprial\ol6wv527.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    :mozilla.8:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Desprial\ol6wv527.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.9:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Desprial\ol6wv527.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.10:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Desprial\ol6wv527.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.6:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jimmy123410\mblk28v2.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.7:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jimmy123410\mblk28v2.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.8:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jimmy123410\mblk28v2.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.6:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.7:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.8:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.9:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.10:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.11:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.12:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.13:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
    :mozilla.14:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.15:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.16:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.17:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.18:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.19:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.21:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    :mozilla.23:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.24:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.25:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.26:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.28:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.30:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.34:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.35:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.36:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.37:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.38:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.39:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.40:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\OMindf\2gm36liq.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.6:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.9:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    :mozilla.10:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.11:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.12:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.13:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.14:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.17:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Porngraph : Cleaned with backup
    :mozilla.23:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.28:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.32:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.36:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
    :mozilla.37:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
    :mozilla.38:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
    :mozilla.46:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.48:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.49:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Porngraph : Cleaned with backup
    :mozilla.50:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.51:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.53:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Porngraph : Cleaned with backup
    :mozilla.54:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.66:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.67:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Thuaaa424130845\c0b4sa5v.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.6:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.18:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.19:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.23:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.24:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.25:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.26:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.32:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.37:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.43:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.44:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.45:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.50:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    :mozilla.51:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.53:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Adition : Cleaned with backup
    :mozilla.54:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Adition : Cleaned with backup
    :mozilla.59:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
    :mozilla.64:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.66:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Enliven : Cleaned with backup
    :mozilla.67:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.70:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
    :mozilla.73:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.74:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.77:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.78:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.79:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.81:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.88:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.89:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    :mozilla.90:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.91:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.93:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.99:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.100:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
    :mozilla.121:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.122:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.130:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.131:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.133:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.134:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.135:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.136:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.140:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.142:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.145:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.158:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.159:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.162:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.163:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.164:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.165:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.166:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Tmickellet\shpnap0x.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.10:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Uberto99\db851zou.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    :mozilla.12:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Uberto99\db851zou.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.13:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Uberto99\db851zou.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.14:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Uberto99\db851zou.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.19:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Uberto99\db851zou.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.20:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Uberto99\db851zou.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.21:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Uberto99\db851zou.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.22:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Uberto99\db851zou.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.6:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
    :mozilla.7:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
    :mozilla.11:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.15:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.17:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.18:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.19:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
    :mozilla.20:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.21:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
    :mozilla.22:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
    :mozilla.23:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.24:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.26:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    :mozilla.27:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.28:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
    :mozilla.29:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.30:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Zcb8\1h513chx.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\Hijackthis\backups\backup-20051122-165121-559.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp -> Spyware.Cookie.Com : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp -> Spyware.Cookie.Onestat : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    C:\WINDOWS\system\BHOmod.dll -> TrojanDownloader.Agent.li : Cleaned with backup




    I did not know how much **** was on my computer, I have a brother and a friend who go on my account regularly, with my sister in chat rooms so I dunno wtf happen here.
     
  6. talmadge16

    talmadge16 Thread Starter

    Joined:
    Nov 20, 2005
    Messages:
    5
    Logfile of HijackThis v1.99.1
    Scan saved at 6:49:03 PM, on 11/22/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\steam\steam.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - http://www.peoplepc.com/ppcos/isp60/download/ppcwebi.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130173210450
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130173172415
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  7. talmadge16

    talmadge16 Thread Starter

    Joined:
    Nov 20, 2005
    Messages:
    5
    Wow 3 pages I think this is prolly the most anyone has seen rofl. :eek:
     
  8. illukka

    illukka

    Joined:
    Jun 4, 2005
    Messages:
    34
    hi

    hmm ive had people send me over 3mb logs of ewido, yours is not that bad ;)

    edit:

    open hijackthis, press do a system scan only, put checkmarks next to the following lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe


    then close all other programs, until only hjt is running, and click fix checked

    reboot

    post a final log
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - TrojanDownloader win32 agent
  1. Sumfeg
    Replies:
    0
    Views:
    963
  2. dreamy.dancer
    Replies:
    6
    Views:
    2,027
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/418272

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice