WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
removal of popup(virus?)
Started by
paulelie
, Jan 03 2006 02:40 PM
-
This topic is locked
18 replies to this topic
#1
paulelie
-
- Authentic Member
-
- 19 posts
New Member
Posted 03 January 2006 - 02:40 PM
Register to Remove
#2
Siggyx
-
- Authentic Member
-
- 6,776 posts
SuperHelper
Posted 03 January 2006 - 04:49 PM
Step # 1
Please download and run CWShredder. Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.
http://www.majorgeek...7fd6b3ff02edc90
REBOOT
Step #2
Please download and run Spybot 1.4 & AdAware SE Then follow the instructions in the link below to run.
Spybot & Adaware Tutorial
REBOOT
Step # 3
Then do 2 virus scans here >>>
Trend Micro
Panda
Reboot and post a new HiJackThis log.
Please download and run CWShredder. Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.
http://www.majorgeek...7fd6b3ff02edc90
REBOOT
Step #2
Please download and run Spybot 1.4 & AdAware SE Then follow the instructions in the link below to run.
Spybot & Adaware Tutorial
REBOOT
Step # 3
Then do 2 virus scans here >>>
Trend Micro
Panda
Reboot and post a new HiJackThis log.
#3
paulelie
-
- Authentic Member
-
- 19 posts
New Member
Posted 03 January 2006 - 07:39 PM
Logfile of HijackThis v1.99.1
Scan saved at 5:34:36 PM, on 1/3/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\sgidmsvc.exe
E:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
E:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\winPE.exe
E:\WINNT\system32\SGITray.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
E:\WINNT\system32\autowckx.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINNT\System32\svchost.exe
E:\Documents and Settings\paul elie\Desktop\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Windows Autowckx] autowckx.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\Run: [SGITRAY] SGITray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows Autowckx] autowckx.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [Microsoft Windows Autowckx] autowckx.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - E:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SGI Digital Media Service (sgidmsvc) - Silicon Graphics Inc. - E:\WINNT\System32\sgidmsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - E:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - E:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - E:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
#4
paulelie
-
- Authentic Member
-
- 19 posts
New Member
Posted 03 January 2006 - 07:56 PM
i did run the hijack but it runs so fast compare to the first time i am wondering if it just copy the log and replace the date! the trend micro found winpe and could not remove it
question what about norton is it trash?
#5
Siggyx
-
- Authentic Member
-
- 6,776 posts
SuperHelper
Posted 03 January 2006 - 08:26 PM
You have a fairly bad worm/keylogger. You need to change any and all passwords once we are doen.
See here >>>> http://www.sophos.co...w32rbotajl.html
Scan with hijackthis and put a check beside these lines and choose FIX
O4 - HKLM\..\Run: [Microsoft Windows Autowckx] autowckx.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Autowckx] autowckx.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [Microsoft Windows Autowckx] autowckx.exe
Then reboot to safe mode (tap f8 while bios loads)
look for and delete these files if present
E:\WINNT\system32\winPE.exe
E:\WINNT\system32\autowckx.exe
Reboot
Please do an online scan with Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
See here >>>> http://www.sophos.co...w32rbotajl.html
Scan with hijackthis and put a check beside these lines and choose FIX
O4 - HKLM\..\Run: [Microsoft Windows Autowckx] autowckx.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Autowckx] autowckx.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [Microsoft Windows Autowckx] autowckx.exe
Then reboot to safe mode (tap f8 while bios loads)
look for and delete these files if present
E:\WINNT\system32\winPE.exe
E:\WINNT\system32\autowckx.exe
Reboot
Please do an online scan with Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then start to download the latest definition files.
- Once the scanner is installed and the definitions downloaded, click Next.
- Now click on Scan Settings
- In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (If available otherwise Standard)
- Scan Options:
- Scan Archives
- Scan Mail Bases
- Scan using the following Anti-Virus database:
- Click OK
- Now under select a target to scan select My Computer
- The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post as well as a new hijackthis log please.
#6
paulelie
-
- Authentic Member
-
- 19 posts
New Member
Posted 04 January 2006 - 02:05 AM
[color=#00CCCC]i donwload the trial kapersky and he did find one more recent the rest were in quarantine with norton
i am more seriously now thinlking of migrating my computer needs to the new beOS!
this virus business is a pain....
and i dont want to spend anymoney on it!
so it makes it more painfull!
as i write another popup just came up [/color]
[b]what should i do with them...answer ok or close the window?
Logfile of HijackThis v1.99.1
Scan saved at 11:52:31 PM, on 1/3/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\sgidmsvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\SGITray.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
D:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
E:\Documents and Settings\paul elie\Desktop\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SGITRAY] SGITray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] d:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SGI Digital Media Service (sgidmsvc) - Silicon Graphics Inc. - E:\WINNT\System32\sgidmsvc.exe
i am more seriously now thinlking of migrating my computer needs to the new beOS!
this virus business is a pain....
and i dont want to spend anymoney on it!
so it makes it more painfull!
as i write another popup just came up [/color]
[b]what should i do with them...answer ok or close the window?
Logfile of HijackThis v1.99.1
Scan saved at 11:52:31 PM, on 1/3/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\sgidmsvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\SGITray.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
D:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
E:\Documents and Settings\paul elie\Desktop\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SGITRAY] SGITray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] d:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SGI Digital Media Service (sgidmsvc) - Silicon Graphics Inc. - E:\WINNT\System32\sgidmsvc.exe
#7
Siggyx
-
- Authentic Member
-
- 6,776 posts
SuperHelper
Posted 04 January 2006 - 07:49 PM
Download Asqaured from the link below. Update it and then scan your system allowing it to remove what it finds.
A Asquared >>>> http://www.emsisoft....tware/download/
Next
Download MicroWorld virus scan here >>> Micro World http://www.mwti.net/...e_utilities.asp
To run the virus scan make sure you click the following
memory, registry, startup folders, system folders, services, drive (all drives will be added) then click on scan clean. When the scan is complete hilight all the files in the LOWER box. Then ctrl + c and paste them into the thread ctrl + v.
I warn you the scan will take a long time to run and will not fix anything just identifies bad files.
A Asquared >>>> http://www.emsisoft....tware/download/
Next
Download MicroWorld virus scan here >>> Micro World http://www.mwti.net/...e_utilities.asp
To run the virus scan make sure you click the following
memory, registry, startup folders, system folders, services, drive (all drives will be added) then click on scan clean. When the scan is complete hilight all the files in the LOWER box. Then ctrl + c and paste them into the thread ctrl + v.
I warn you the scan will take a long time to run and will not fix anything just identifies bad files.
#8
paulelie
-
- Authentic Member
-
- 19 posts
New Member
Posted 04 January 2006 - 09:52 PM
i would like tos how my aprication, but right now i am very poor....but i do have paintings! feel free to take one if you want to use it ...i willsend you a larger resolution...
www.paulelie.com
#9
Siggyx
-
- Authentic Member
-
- 6,776 posts
SuperHelper
Posted 04 January 2006 - 09:54 PM
I am happy to help people that have compter problems for free. Money is not an issue so please do not worry about it. My reward is helping others.
#10
paulelie
-
- Authentic Member
-
- 19 posts
New Member
Posted 04 January 2006 - 09:59 PM
thank you anyway.....
Register to Remove
#11
paulelie
-
- Authentic Member
-
- 19 posts
New Member
Posted 05 January 2006 - 11:22 AM
i think it is going to be a long story ...
the computer seems to have stop the scan a reboot by itself overnight...so i resat the scan after i clear the log and sofar i got this:
i wuill paste it in section as sson as i can catch it!
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.arc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.cat". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.dat". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.dcs". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.gsg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.idn". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.idx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.key". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.mde". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.men". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.mes". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.mfr". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.mph". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.mru". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.ldb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.pdb". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dws". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".properties". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ste". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}". Action Taken: No Action Taken.
Entry "HKCR\.pot" refers to invalid object "Powerpoint.Template". Action Taken: No Action Taken.
Entry "HKCR\.ppt" refers to invalid object "Powerpoint.Show.7". Action Taken: No Action Taken.
#12
paulelie
-
- Authentic Member
-
- 19 posts
New Member
Posted 05 January 2006 - 02:31 PM
that's what i got at the second scan
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.arc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.cat". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.dat". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.dcs". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.gsg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.idn". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.idx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.key". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.mde". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.men". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.mes". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.mfr". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.mph". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.mru". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.ldb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CFData\main0000.pdb". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dws". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".properties". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ste". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}". Action Taken: No Action Taken.
Entry "HKCR\.pot" refers to invalid object "Powerpoint.Template". Action Taken: No Action Taken.
Entry "HKCR\.ppt" refers to invalid object "Powerpoint.Show.7". Action Taken: No Action Taken.
it be that is the same thing that i posted early? it like the same thing
#13
Siggyx
-
- Authentic Member
-
- 6,776 posts
SuperHelper
Posted 05 January 2006 - 07:12 PM
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Then please run Ewido, and run a full scan. Save the logfile from the scan.
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Then please run Ewido, and run a full scan. Save the logfile from the scan.
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
#14
paulelie
-
- Authentic Member
-
- 19 posts
New Member
Posted 06 January 2006 - 10:32 AM
hijack log
Logfile of HijackThis v1.99.1
Scan saved at 8:28:54 AM, on 1/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\csrss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\Program Files\ewido anti-malware\ewidoguard.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\sgidmsvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\SGITray.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\a-squared\a2guard.exe
D:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
E:\Program Files\OpenOffice.org 2.0\program\soffice.exe
E:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\paul elie\Desktop\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SGITRAY] SGITray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] d:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Task Catcher] E:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKCU\..\Run: [a-squared] "E:\Program Files\a-squared\a2guard.exe"
O4 - Startup: OpenOffice.org 2.0.lnk = E:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SGI Digital Media Service (sgidmsvc) - Silicon Graphics Inc. - E:\WINNT\System32\sgidmsvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 8:28:54 AM, on 1/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\csrss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\Program Files\ewido anti-malware\ewidoguard.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\sgidmsvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\SGITray.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\a-squared\a2guard.exe
D:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
E:\Program Files\OpenOffice.org 2.0\program\soffice.exe
E:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\paul elie\Desktop\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SGITRAY] SGITray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] d:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Task Catcher] E:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKCU\..\Run: [a-squared] "E:\Program Files\a-squared\a2guard.exe"
O4 - Startup: OpenOffice.org 2.0.lnk = E:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SGI Digital Media Service (sgidmsvc) - Silicon Graphics Inc. - E:\WINNT\System32\sgidmsvc.exe
#15
paulelie
-
- Authentic Member
-
- 19 posts
New Member
Posted 06 January 2006 - 10:34 AM
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:20:04 AM, 1/6/2006
+ Report-Checksum: DB577D2D
+ Scan result:
E:\Documents and Settings\paul\Cookies\paul@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@data3.perf.overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@e-2dj6wfk4omc5gap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@e-2dj6wfkisjc5ofp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@e-2dj6wfmykpczkap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@e-2dj6wjkyglcpalo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@e-2dj6wjkyopczsco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@e-2dj6wjlooodjehp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@e-2dj6wjnyopcpefp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@mads.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
E:\Documents and Settings\paul\Cookies\paul@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.26:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.34:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.37:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.38:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.39:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.40:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.43:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.44:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.66:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.85:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.86:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.88:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.89:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.108:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.110:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.111:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.112:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.118:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.124:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.125:E:\Documents and Settings\paul elie\Application Data\Mozilla\Firefox\Profiles\uziq8nkn.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
E:\Documents and Settings\paul elie\Cookies\paul elie@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
E:\Documents and Settings\paul elie\Cookies\paul elie@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
E:\Documents and Settings\paul elie\Cookies\paul elie@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
E:\Documents and Settings\paul elie\Cookies\paul elie@msn-cnet.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
E:\Documents and Settings\paul elie\Cookies\paul elie@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
::Report End
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
