Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Empty Device Manager


  • This topic is locked This topic is locked
46 replies to this topic

#1 onejohne

onejohne

    Authentic Member

  • Authentic Member
  • PipPip
  • 29 posts

Posted 25 November 2005 - 12:46 AM

Greetings,

Below is the log from HijackThis; I'm think'n the problem may have something to do with "Kuik", I'm not sure what that is. Any help would be greatly appreciated, this is my sons laptop, that he needs for college.


Logfile of HijackThis v1.99.1
Scan saved at 1:43:23 AM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\kuik\kuikm.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\COMMON~1\kuik\kuika.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.myseachexplorer.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufl.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufl.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kuik] C:\PROGRA~1\COMMON~1\kuik\kuikm.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.aebn.net/...CubeInstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132212088109
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\p08qlal51dq.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9iZXJ0IEtpdmxlbg\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    Advertisements

Register to Remove


#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 25 November 2005 - 10:30 AM

Please download and run CWShredder here
Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine.
Detailed instructions from here

Then post another log.

#3 onejohne

onejohne

    Authentic Member

  • Authentic Member
  • PipPip
  • 29 posts

Posted 25 November 2005 - 10:45 AM

Little Eagle, I ran the cwshreeder program, nothing found 5 internet pages restored. Would you like me to run hijackthis again? I also wanted to mention device manager is filled properly in safe mode. I really appreciate your help. Fly High Little Eagle!!

#4 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 25 November 2005 - 10:55 AM

Would you like me to run hijackthis again?

Yes please.

Edited by little eagle, 25 November 2005 - 10:55 AM.


#5 onejohne

onejohne

    Authentic Member

  • Authentic Member
  • PipPip
  • 29 posts

Posted 25 November 2005 - 11:00 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:57:47 AM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\kuik\kuikm.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\kuik\kuika.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.myseachexplorer.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufl.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufl.edu/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kuik] C:\PROGRA~1\COMMON~1\kuik\kuikm.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.aebn.net/...CubeInstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132212088109
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\jt0807due.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9iZXJ0IEtpdmxlbg\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#6 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 25 November 2005 - 11:06 AM

Please set your system to show
all files; please see here if you're unsure how to do this.

Using Windows Explorer, locate the following files/folders

C:\PROGRA~1\COMMON~1\kuik\kuikm.exe


Here are the directions for creating a zip file For Windows XP:
Using Windows Explorer, locate the first file you want to zip.
Right click on the file and select Send To and Compressed (zipped) Folder.
Right click any other files you want to compress and select Copy.
Right click on the compressed folder and select Paste. The copied files will be compressed and pasted in.

Please upload the zip file if you can if you can't then upload the the files without zipping. here

#7 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 25 November 2005 - 11:07 AM

Please set your system to show
all files; please see here if you're unsure how to do this.

Using Windows Explorer, locate the following files/folders

C:\PROGRA~1\COMMON~1\kuik\kuikm.exe


Here are the directions for creating a zip file For Windows XP:
Using Windows Explorer, locate the first file you want to zip.
Right click on the file and select Send To and Compressed (zipped) Folder.
Right click any other files you want to compress and select Copy.
Right click on the compressed folder and select Paste. The copied files will be compressed and pasted in.

Please upload the zip file if you can if you can't then upload the the files without zipping. here

#8 onejohne

onejohne

    Authentic Member

  • Authentic Member
  • PipPip
  • 29 posts

Posted 25 November 2005 - 11:17 AM

Little Eagle, Are you wanting me to send you the kuik.exe file? Or anything that is associated with "kuik"? Thanks again!

#9 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 25 November 2005 - 11:20 AM

You could zip the folder and uplaod it.

#10 onejohne

onejohne

    Authentic Member

  • Authentic Member
  • PipPip
  • 29 posts

Posted 25 November 2005 - 11:29 AM

Little Eagle, I have put all the files/folders I could find associated with "kuik" into a zip file, how do I send it to you? Should I email it? I don't see how to add it here. Thanks!

    Advertisements

Register to Remove


#11 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 25 November 2005 - 01:11 PM

Please upload the zip file Click here

#12 onejohne

onejohne

    Authentic Member

  • Authentic Member
  • PipPip
  • 29 posts

Posted 25 November 2005 - 01:27 PM

Little Eagle, Sorry for not understanding, but I still can't figure out how to send you the zip file. Thanks.

#13 onejohne

onejohne

    Authentic Member

  • Authentic Member
  • PipPip
  • 29 posts

Posted 25 November 2005 - 01:34 PM

Little Eagle,

I may have goofed up, I booted the PC in safe mode then deleted all the files associated with "kuik".

I have just run hijackthis again.

Logfile of HijackThis v1.99.1
Scan saved at 2:31:41 PM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.myseachexplorer.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufl.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufl.edu/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kuik] C:\PROGRA~1\COMMON~1\kuik\kuikm.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.aebn.net/...CubeInstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132212088109
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\en04l1dq1.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9iZXJ0IEtpdmxlbg\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#14 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 25 November 2005 - 01:50 PM

Please download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

#15 onejohne

onejohne

    Authentic Member

  • Authentic Member
  • PipPip
  • 29 posts

Posted 25 November 2005 - 02:36 PM

--------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 3:35:09 PM, 11/25/2005 + Report-Checksum: B15E005E + Scan result: HKLM\SOFTWARE\Effective-i -> Spyware.EffectiveBrandToolbar : Cleaned with backup HKLM\SOFTWARE\GIANTCompany\AntiSpyware\CleanerExe\DelRegValues\\1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar -> Spyware.UCmore : Cleaned with backup HKLM\SOFTWARE\GIANTCompany\AntiSpyware\CleanerExe\DelRegValues\\2 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar -> Spyware.UCmore : Cleaned with backup HKU\S-1-5-21-1762697640-798401308-453216435-1006\Software\Effective-i -> Spyware.EffectiveBrandToolbar : Cleaned with backup HKU\S-1-5-21-1762697640-798401308-453216435-1006\Software\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Cleaned with backup HKU\S-1-5-21-1762697640-798401308-453216435-1006\Software\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Cleaned with backup HKU\S-1-5-21-1762697640-798401308-453216435-1006\Software\Maxthon\Plugin\toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup HKU\S-1-5-21-1762697640-798401308-453216435-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup [632] C:\WINDOWS\system32\dlrpsetu.dll -> Spyware.Look2Me : Error during cleaning [2308] C:\WINDOWS\system32\dlrpsetu.dll -> Spyware.Look2Me : Error during cleaning C:\Documents and Settings\Robert Kivlen\Local Settings\Temporary Internet Files\Content.IE5\4H23SHIB\AppWrap[1].exe -> Spyware.Zestyfind : Cleaned with backup C:\Documents and Settings\Robert Kivlen\Local Settings\Temporary Internet Files\Content.IE5\5NZ795KA\drsmartload192a[1].exe -> TrojanDownloader.VB.qr : Cleaned with backup C:\Documents and Settings\Robert Kivlen\Local Settings\Temporary Internet Files\Content.IE5\5NZ795KA\drsmartload[1].exe -> Spyware.SmartLoad : Cleaned with backup C:\Documents and Settings\Robert Kivlen\Local Settings\Temporary Internet Files\Content.IE5\O9I7O9QB\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup C:\Documents and Settings\Robert Kivlen\Local Settings\Temporary Internet Files\Content.IE5\O9I7O9QB\timessquare[1].exe -> Spyware.Hijacker.StartPage.aw : Cleaned with backup C:\Documents and Settings\Robert Kivlen\Local Settings\Temporary Internet Files\Content.IE5\OJK3GB6P\adtech2005[1].exe -> Trojan.VB.afn : Cleaned with backup C:\Documents and Settings\Robert Kivlen\Local Settings\Temporary Internet Files\Content.IE5\OJK3GB6P\mte3ndi6odoxng[1].exe -> TrojanDownloader.Small.buy : Cleaned with backup C:\Documents and Settings\Robert Kivlen\Local Settings\Temporary Internet Files\Content.IE5\SHA381QB\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup C:\Documents and Settings\Robert Kivlen\Local Settings\Temporary Internet Files\Content.IE5\SHA381QB\drsmartload_js[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup C:\Documents and Settings\Robert Kivlen\Local Settings\Temporary Internet Files\Content.IE5\VI8VV1GL\contextplus[1].exe -> Trojan.Crypt.t : Cleaned with backup C:\Documents and Settings\Robert Kivlen\Local Settings\Temporary Internet Files\Content.IE5\YH6V8FM5\ecsiin.stub[1].exe -> TrojanDownloader.Delmed.a : Cleaned with backup C:\Documents and Settings\Robert Kivlen\Local Settings\Temporary Internet Files\Content.IE5\YH6V8FM5\installer[1].exe -> Spyware.Look2Me : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\C44FA2C2-B511-4444-82A3-41A4A9\A8083EF2-A8DC-4003-86C4-643E31 -> Adware.CommAd : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\CD573189-E157-425F-A6AB-915AA9\AE9A106C-E3DF-4578-BE8A-760E24 -> Adware.CommAd : Cleaned with backup C:\WINDOWS\etb\xud_70.dll -> TrojanSpy.Small.dj : Cleaned with backup C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup C:\WINDOWS\iconu.exe -> Spyware.Zestyfind : Cleaned with backup C:\WINDOWS\system32\ahlui.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\ccmpobj.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\cCpesnpn.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\cttdll.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\dsdskres.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\en40l1hm1.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\fppu0379e.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\irpeers.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\lpcalspl.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\m0280afued280.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\mdihnd.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\mgxml3.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\mvlsl9371.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\n02ulaf91d2.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\n8p40i7qe8.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\oxexl32.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\oybcbcp.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\p68q0gl5e6q.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\sklgntfy.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\tycfgwmi.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\uhrdtea.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\wywfaxui.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\Temp\bw2.com -> Spyware.Zestyfind : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@ad.yieldmanager[3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@entrepreneur.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@valuead[1].txt -> Spyware.Cookie.Valuead : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\WINDOWS\Temp\Cookies\robert kivlen@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup ::Report End

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users