Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91818 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

WINFIXER 05


  • This topic is locked This topic is locked
10 replies to this topic

#1 T3h Wond3r

T3h Wond3r

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 08 November 2005 - 09:10 AM

I've changed my browser to Mozilla Firefox (originally Internet Explorer), afer having thought that I'd managed to remove Winfixer 05 - yet Winfixer 05 pop-ups keep appearing in Internet Explorer windows, as do other micellanious pop-ups (loans, online cassinos, etc.) :( PC is now slow, crashing, and 'not responding'. I'm somewhat lacking in technical expertise, and would REALLY appreciate any help! Thank you very much!!! :D

Logfile of HijackThis v1.99.1
Scan saved at 14:11:44, on 08/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\WINDOWS\winexec.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUMENTS AND SETTINGS\SANDI\DESKTOP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\ssqrp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\jkhhg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [_WinMain] C:\WINDOWS\winexec.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activewor...ldsDownload.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133171031296
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server...tivePreQual.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll
O20 - Winlogon Notify: ssqrp - C:\WINDOWS\SYSTEM32\ssqrp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

Edited by T3h Wond3r, 08 November 2005 - 09:31 AM.

    Advertisements

Register to Remove


#2 Piatan

Piatan

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,825 posts

Posted 13 November 2005 - 12:27 PM

Hi T3h Wond3r;

Thanks for sending your information. We are sorry for the delay in responding. The volunteers here are swamped and unfortunately not all logs get answered as quickly as we'd like.

If you still need help with your problem, please run Hijack This again. Scan and copy the log, then post it here, in this topic.
Please use the Post Reply feature, so I will be notified.

Please do not edit your Hijack This log in any way. We need to see the entire logfile, with no revisions.
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Posted Image

#3 T3h Wond3r

T3h Wond3r

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 15 November 2005 - 06:39 PM

Thanks alot!

Logfile of HijackThis v1.99.1
Scan saved at 00:36:38, on 16/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\winexec.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daniel McKenzie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - Default URLSearchHook is missing
O1 - Hosts: .zdnet.com.com SpySweeperCASS
O1 - Hosts: .zdnet.com.com SpySweeperCASS
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\mllmn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [_WinMain] C:\WINDOWS\winexec.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activewor...ldsDownload.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133171031296
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server...tivePreQual.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

#4 Piatan

Piatan

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,825 posts

Posted 15 November 2005 - 07:32 PM

Hi T3h Wond3r;

Please print these instructions out for use in Safe Mode, or copy and paste this text into a Notepad file, to place on your desktop and review as you work.

Please download VundoFix© to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix© folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix© folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:



  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\mllmn.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\nmllm.*
    This will be the vundo filename spelled backwards. for example if the vundo dll was vundo.dll you would have the user enter odnuv.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:

    R3 - Default URLSearchHook is missing
    O1 - Hosts: .zdnet.com.com SpySweeperCASS
    O1 - Hosts: .zdnet.com.com SpySweeperCASS
    O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\mllmn.dll
    O4 - HKLM\..\Run: [_WinMain] C:\WINDOWS\winexec.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll

  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Please set your system to show
all files; please see here if you're unsure how to do this.

Reboot into Safe Mode. see here if you are not sure how to do this.


Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\winexec.exe

Then, please reboot and enable hidden files.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

To post, please Use the Post Reply feature, so I will be notified.

Note: Do not change anything in the new log. We need to see the entire log, without revisions.
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Posted Image

#5 T3h Wond3r

T3h Wond3r

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 16 November 2005 - 08:53 AM

ActiveScan keeps stopping at Explorer.EXE for ages, and doesn't seem to get past it?


Logfile of HijackThis v1.99.1
Scan saved at 14:41:17, on 16/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daniel McKenzie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\mllmn.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [_WinMain] C:\WINDOWS\winexec.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activewor...ldsDownload.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133171031296
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server...tivePreQual.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS


VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\system32\mllmn.dll

The second filepath entered was c:\WINDOWS\system32\nmllm.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 172 'smss.exe'

Error, Cannot find a process with an image name of explorer.exe


Killing PID 252 'winlogon.exe'
Killing PID 252 'winlogon.exe'
Error 0x5 : Access is denied.

--------------------------------------------------------------------------------------

C:\WINDOWS\system32\mllmn.dll Deleted sucessfully.
c:\WINDOWS\system32\nmllm.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------





Thanks!

#6 Piatan

Piatan

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,825 posts

Posted 16 November 2005 - 01:47 PM

Hi T3h Wond3r;

You may want to copy and paste this text into a Notepad file and place it on your desktop, to review as you work.

Thanks for giving an extra effort on that scan. Sometimes they just will not cooperate. Looks like we need to run some additional programs.

Please download, install, update and scan your system with the free version of Ewido trojan scanner:[list=1]
[*]When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
[*]When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
[*]From the main ewido screen, click on update in the left menu, then click the Start update button.
[*]After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
[*]If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
[*]When the scan finishes, click on "Save Report". This will create a text file. Please save this report, to be posted later.

Please go here to download and follow all instructions.
http://www.microsoft...&displaylang=en

Next:
Please set your system to show
all files; please see here if you're unsure how to do this.

Close all windows and browsers, leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\mllmn.dll (file missing)
O4 - HKLM\..\Run: [_WinMain] C:\WINDOWS\winexec.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode. see here if you are not sure how to do this.


Using Windows Explorer, locate the following files/folders,shown DARK and delete them, if found:

C:\WINDOWS\system32\mllmn.dll

C:\WINDOWS\winexec.exe
If you were unable to find, or delete any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.

Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

Let the system reboot.

Reboot , enable hidden files and post a fresh Hijack This log in this topic, along with the report from Ewido.

Please Use the Post Reply feature, so I will be notified.
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Posted Image

#7 T3h Wond3r

T3h Wond3r

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 18 November 2005 - 03:50 AM

Logfile of HijackThis v1.99.1
Scan saved at 09:47:49, on 18/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Daniel McKenzie\Desktop\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activewor...ldsDownload.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133171031296
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server...tivePreQual.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 00:37:50, 18/11/2005
+ Report-Checksum: E9E56BA2

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Classes\GSDA.GSDACtl\CLSID\\ -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Classes\GSDA.GSDACtl.1\CLSID\\ -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\\.Owner -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
C:\cmon.exe -> Trojan.VB.aad : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Daniel McKenzie\Application Data\Mozilla\Firefox\Profiles\dlnf1py1.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Daniel McKenzie\Cookies\daniel mckenzie@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Daniel McKenzie\Cookies\daniel mckenzie@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Daniel McKenzie\Local Settings\Temporary Internet Files\Content.IE5\S9M7K5UR\mm[2].js -> Spyware.Chitika : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\ifepljx1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfk4akdjcep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfk4aocpikp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfk4kjazmao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfk4oodzeep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfk4skczalp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfk4wgazako.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfk4wiczsdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkicodzkhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkiehazofp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkigjdpaeo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkigoazakp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkigpdzkko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkikodzcfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkiolcjgco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkiqldzobq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkiwgcjolo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkiwkdjalo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkiwndpgdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkogiczmco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkogkdzkco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkoolazeeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkosidjago.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkosmcjwbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkosocpwfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkyaodzclp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkychdpggq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkycmdpchp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkyojcjago.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfkysldpabo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfl4ghdpilo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wflicjdzado.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfliejcjgdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wflikpd5meo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfliogcpmap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfliojcjmeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfliondpseo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfloaiajeap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wflocgajeko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wflocicjedo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wflooldpafq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wflougazslp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wflouoazwdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wflowmc5gcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfmiopcjchp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfmiulajkco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfmywpcpmfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wgkysgc5wdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjk4amd5mfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjk4cgdzsho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjk4cpdzkho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjk4ekdziao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjk4kgdjgkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjk4olc5alp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjk4sidzwdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjk4ugdzwko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjkocpdzsco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjkoehc5wkq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjkyapdjsap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjkyohdjodp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjkyshcpgep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjkyuoajccq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjl4ekc5sko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjl4sgcjolp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjl4updpghp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjl4widpehp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjliahdzwbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjliggcjggp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjlikkcpabp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjliqnd5afp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjlislczkbo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjliwod5kdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjloglczagp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjlokmc5aep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjloqmc5eeq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjloshczskq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjlosjc5mdo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjlyejazadq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjlygidjmbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjlyoodzagp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjlyqlazshp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjlyslcjcgo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjlyuldjweo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjlywkczmfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmiagaziap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmialazsep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmiejcjwkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmiggcpagp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmignazefp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmikgczwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmikpcjido.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmiogczwdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmiomd5iaq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmiooc5cfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmiqldpmdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmiqncjwfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmiukdzegp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmyaodzwbq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmyenazkgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmyold5ekp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmyqlczscp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmyqmczgho.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjmywicjeeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjnycgc5wdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjnyokazklp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjnysicpago.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\filesubmit\dmlastsam01ss.zip\NNEZTA388.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\awtqq.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\awtst.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\awvts.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\awvvt.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\awvvw.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\ddabx.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\ddccb.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\ddccy.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\ddcyw.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\gebcy.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\gebyw.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\gebyy.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\geebc.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\geebx.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\geedc.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\gogotoolsSILAWO11pi.exe -> Spyware.GogoTools : Cleaned with backup
C:\WINDOWS\system32\in10tvmk37s.dll -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\jkhfg.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\jkhhf.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\mljgd.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\mljge.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\mljgh.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\mlljg.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\mllmj.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\mllmm.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\pmkhh.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\pmkhi.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\pmkji.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\pmkjj.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\pmnlk.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\pmnnk.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\ssqpn.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\ssqrp.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\ssqrs.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\sstqo.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\sstqr.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\ssttt.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\ssttu.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\vtsqn.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\vtsqo.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\vtsqp.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\vtsqq.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\vtsqr.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\vturo.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\vturq.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\vturr.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\vtutq.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\vtutr.dll -> TrojanDownloader.Agent.yf : Cleaned with backup
C:\WINDOWS\system32\vtutu.dll -> TrojanDownloader.Agent.yf : Cleaned with backup


::Report End





Thanks alot!!! :D

#8 Piatan

Piatan

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,825 posts

Posted 18 November 2005 - 12:43 PM

Hi T3h Wond3r;

Your Hijack This logfile looks to be clean.

One of the best features of Windows XP is the System Restore option, however if Malware infects a computer with this operating system the Malware can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after a virus removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


Securing a PC normally requires a two step approach. Protection from parasites and removal of parasites that slip through. It is usually much easier to Protect a PC, than to remove the Malware and Internet parasites after they have a secure foothold.

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.

    Download the new Ad-Aware SE version, and follow the instructions on how to do a full scan: http://forums.spywar...showtopic=11150
    -reboot after using Ad-Aware SE. Also while there get the VX2 plugin and follow the instructions to run it also.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

And also see TonyKlein's good advice
So how did I get infected in the first place?

Safe surfing. :wavey:
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Posted Image

#9 T3h Wond3r

T3h Wond3r

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 18 November 2005 - 06:58 PM

Thanks so so SO much. What a life saver!!!

#10 Piatan

Piatan

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,825 posts

Posted 19 November 2005 - 09:31 AM

You're welcome. Glad we could be of assistance. :D
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Posted Image

#11 Piatan

Piatan

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,825 posts

Posted 19 November 2005 - 09:32 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Posted Image

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users