HijackThis Log


12 replies to this topic

#1 jvonderh

New Member, 7 posts

Posted 15 January 2006 - 10:18 PM

I found these running processes. If anyone could let me know which ones to get rid of, that would be great.

Running processes:
C:\WINDOXP\System32\smss.exe
C:\WINDOXP\system32\winlogon.exe
C:\WINDOXP\system32\services.exe
C:\WINDOXP\system32\lsass.exe
C:\WINDOXP\system32\svchost.exe
C:\WINDOXP\System32\svchost.exe
C:\WINDOXP\system32\spoolsv.exe
C:\WINDOXP\Explorer.EXE
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOXP\system32\popcorn72.exe
C:\WINDOXP\system32\sysio.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOXP\syswi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jarod\Desktop\cwshredder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Jarod\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://supacoopa.dir...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://supacoopa.dir...net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://supacoopa.dir...net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://supacoopa.dir...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://supacoopa.dir...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOXP\irhgx.dll/sp.html#77035%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOXP\irhgx.dll/sp.html#77035%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOXP\system32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOXP\irhgx.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOXP\irhgx.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOXP\irhgx.dll/sp.html#77035%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOXP\irhgx.dll/sp.html#77035%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOXP\irhgx.dll/sp.html#77035%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0D6D30E3-A730-B784-0E2F-479FA6CBF01F} - C:\WINDOXP\system32\ntya.dll
O2 - BHO: Class - {1DBEE2DC-2B35-97D3-E9F8-D7743E5BB64B} - C:\WINDOXP\system32\ntwb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {5F193D80-7F30-9ADD-57E6-8D29C88F166B} - C:\WINDOXP\system32\apixz32.dll
O2 - BHO: Class - {788ECDA7-8EC1-22A9-22C0-05E944D1A6BE} - C:\WINDOXP\netgu32.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: Class - {A987967A-1713-A97B-1188-0AA2FC8DC405} - C:\WINDOXP\cruh.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} - C:\WINDOXP\system32\wer5760.dll
O2 - BHO: (no name) - {DF0F77D4-E2A5-4DE4-965E-8EC5F6F5394F} - C:\WINDOXP\system32\fimp.dll (file missing)
O2 - BHO: Class - {EA24CC78-26E8-33A5-38CA-602477E05428} - C:\WINDOXP\appjo32.dll
O2 - BHO: Class - {F8038986-3588-AFEA-3A77-AA008CAC37B0} - C:\WINDOXP\mfcur.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOXP\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [sysio.exe] C:\WINDOXP\system32\sysio.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOXP\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aous] "C:\Program Files\csnu\sslp.exe" -vt mtx
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOXP\System32\spoolsrv32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.102/...::/wintbl32.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O20 - Winlogon Notify: msupdate - C:\WINDOXP\SYSTEM32\msupdate32.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOXP\syswi.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe



#2 FZWG

R.I.P My Friend, Validating, 569 posts

Posted 21 January 2006 - 09:59 PM

Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.

As you suspect, there are malware entries showing on your log. Plenty of them!!

It is best to have the most current log possible, so please run HijackThis again (make sure all windows and browsers are closed), Scan, and post the log using: Add Reply.

However, please post the entire HijackThis log.

The header should look something like:

Logfile of HijackThis v1.99.1
Scan saved at 3:19:51 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

I will be notified when you post a new log, and will be glad to assist you.
"June, 2007 Farethee Well"

#3 jvonderh


Posted 22 January 2006 - 12:54 PM

Thanks for your help.


Logfile of HijackThis v1.99.1
Scan saved at 12:49:22 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOXP\System32\smss.exe
C:\WINDOXP\system32\winlogon.exe
C:\WINDOXP\system32\services.exe
C:\WINDOXP\system32\lsass.exe
C:\WINDOXP\system32\svchost.exe
C:\WINDOXP\System32\svchost.exe
C:\WINDOXP\system32\spoolsv.exe
C:\WINDOXP\Explorer.EXE
C:\WINDOXP\syswi.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOXP\system32\popcorn72.exe
C:\WINDOXP\system32\sysio.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\DOCUME~1\Jarod\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://supacoopa.dir...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://supacoopa.dir...net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://supacoopa.dir...net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://supacoopa.dir...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://supacoopa.dir...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOXP\system32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O2 - BHO: Class - {027C6D53-4E11-868C-B628-02884820713D} - C:\WINDOXP\ipvz.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0D6D30E3-A730-B784-0E2F-479FA6CBF01F} - C:\WINDOXP\system32\ntya.dll
O2 - BHO: Class - {1DBEE2DC-2B35-97D3-E9F8-D7743E5BB64B} - C:\WINDOXP\system32\ntwb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {5F193D80-7F30-9ADD-57E6-8D29C88F166B} - C:\WINDOXP\system32\apixz32.dll
O2 - BHO: Class - {788ECDA7-8EC1-22A9-22C0-05E944D1A6BE} - C:\WINDOXP\netgu32.dll
O2 - BHO: Class - {8286B5AF-5BCC-0F01-D1EC-24F8BA68D100} - C:\WINDOXP\apphs.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: Class - {A0FDD30A-D268-C8DD-A3C3-0E391DD29027} - C:\WINDOXP\crtx32.dll
O2 - BHO: Class - {A987967A-1713-A97B-1188-0AA2FC8DC405} - C:\WINDOXP\cruh.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} - C:\WINDOXP\system32\wer5760.dll
O2 - BHO: (no name) - {DF0F77D4-E2A5-4DE4-965E-8EC5F6F5394F} - C:\WINDOXP\system32\fimp.dll (file missing)
O2 - BHO: Class - {EA24CC78-26E8-33A5-38CA-602477E05428} - C:\WINDOXP\appjo32.dll
O2 - BHO: Class - {F8038986-3588-AFEA-3A77-AA008CAC37B0} - C:\WINDOXP\mfcur.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOXP\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [sysio.exe] C:\WINDOXP\system32\sysio.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOXP\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aous] "C:\Program Files\csnu\sslp.exe" -vt mtx
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOXP\System32\spoolsrv32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.102/...::/wintbl32.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O20 - Winlogon Notify: msupdate - C:\WINDOXP\SYSTEM32\msupdate32.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOXP\syswi.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

#4 FZWG


Posted 22 January 2006 - 09:29 PM

jvonderh,

Malware abounds on your HijackThis log.
We need to work in stages.

First, make sure HijackThis is in its own folder.

Create a folder like: C:\Program Files\HijackThis, or, if you want to keep it on the Desktop, right click an empty area, select New>Folder, name the folder HijackThis, and place the HijackThis.exe file in it.

HijackThis makes backups of what is fixed/removed, and needs its own folder to create and keep these secure.

Please copy these instructions to NotePad and save them to the Desktop, or print them,
for later use in Safe Mode. Also, read through once so you have an idea of the procedure.

To remove CoolWebSearch, do the following:

Step 1:
Download AboutBuster: http://www.downloads...AboutBuster.zip
-Unzip it to a folder on the Desktop
-Double click the AboutBuster icon
-Click OK to the Read dialogue
-Click the Update button, and then select: Check for Update
Exit from the program, and do not run AboutBuster yet.

Step 2:
Please create a folder on the Desktop (Right click, select New>Folder)
-Name it: Ewido
-Download Ewido Anti-Malware:
http://www.ewido.net/en/download/
-Press: Download Now
-In the folder where EWIDO is located, double click the EWIDO Setup file
Follow the prompts and reboot when done.
Now, go to Start>All Programs>EWIDO
Select: Security Suite
When the program starts, do an online update for the latest signature files
An Update Successful prompt appears when done
Do not click the Scanner button yet.

Step 3:
Next, download CWShredder:
http://cwshredder.ne.../CWShredder.exe
-Create a folder for it, and save the file there
-Double click on the program icon
-Update and download the latest reference files
Do not run the program yet

Step 4:
Download CleanUp40.exe to the Desktop: (about 3/4 down the page: Primary download site (setup program): CleanUp40.exe)
http://www.stevengou...p/download.html
Do not run this program yet.

Step 5:
Download Killbox:
http://www.downloads...org/KillBox.zip
Place it in a folder on the Desktop.
Extract Pocket KillBox from the zip file
Do not run it yet.

Step 6:
Next, enable the viewing of Hidden Files and Folders as follows:
-At your desktop, go to Start>My Computer
-Select the Tools menu and then Folder Options
-After the new window appears select the View tab
-Select: Display the contents of system folders
-Under the Hidden files and folders section select: Show hidden files and folders
-Remove the checkmark from Hide file extensions for known file types
-Remove the checkmark from Hide protected operating system files (Recommended)
-Press the Apply button
Click OK



For this removal procedure to work, make sure you are off line, keep Internet Explorer closed, and perform all the steps that follow.

Step 7:
Click Start>Run and type in: services.msc
-Click OK
-In the Services window find: Remote Procedure Call (RPC) Helper
-Select/highlight and right click the entry, and choose: Properties
-On the General tab, under Service Status click the Stop button
-Beside: Startup Type, in the drop menu, select: Disabled
-Click Apply, then OK

Caution: There is a service called Remote Procedure Call (RPC), and another called Remote Procedure Call (RPC) Locator. Do not select either of these. They are legitimate services!!

Step 8:
Now, reboot to Safe Mode:
-Restart your computer
-When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu
-Select the option for Safe Mode using the arrow keys
-Press Enter to boot into Safe Mode

Step 9:
Run HijackThis and Scan.
Check box for:

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://supacoopa.dir...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://supacoopa.dir...net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://supacoopa.dir...net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://supacoopa.dir...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://supacoopa.dir...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOXP\system32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOXP\irhgx.dll/sp.html#77035%http://bulktom.com/r/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: Class - {027C6D53-4E11-868C-B628-02884820713D} - C:\WINDOXP\ipvz.dll
O2 - BHO: Class - {0D6D30E3-A730-B784-0E2F-479FA6CBF01F} - C:\WINDOXP\system32\ntya.dll
O2 - BHO: Class - {1DBEE2DC-2B35-97D3-E9F8-D7743E5BB64B} - C:\WINDOXP\system32\ntwb.dll
O2 - BHO: Class - {5F193D80-7F30-9ADD-57E6-8D29C88F166B} - C:\WINDOXP\system32\apixz32.dll
O2 - BHO: Class - {788ECDA7-8EC1-22A9-22C0-05E944D1A6BE} - C:\WINDOXP\netgu32.dll
O2 - BHO: Class - {8286B5AF-5BCC-0F01-D1EC-24F8BA68D100} - C:\WINDOXP\apphs.dll
O2 - BHO: Class - {A0FDD30A-D268-C8DD-A3C3-0E391DD29027} - C:\WINDOXP\crtx32.dll
O2 - BHO: Class - {A987967A-1713-A97B-1188-0AA2FC8DC405} - C:\WINDOXP\cruh.dll
O2 - BHO: (no name) - {DF0F77D4-E2A5-4DE4-965E-8EC5F6F5394F} - C:\WINDOXP\system32\fimp.dll (file missing)
O2 - BHO: Class - {EA24CC78-26E8-33A5-38CA-602477E05428} - C:\WINDOXP\appjo32.dll
O2 - BHO: Class - {F8038986-3588-AFEA-3A77-AA008CAC37B0} - C:\WINDOXP\mfcur.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [sysio.exe] C:\WINDOXP\system32\sysio.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOXP\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOXP\System32\spoolsrv32.exe

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.102/...::/wintbl32.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab

O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä #·ºÄÖ`I) - Unknown owner - C:\WINDOXP\syswi.exe

Now, select: Fix Checked

Step 10:
Back on the Desktop:
-Double click the AboutBuster icon
-Click Start to begin the process
-Click OK on the Buster Report dialogue box to start the scan
AboutBuster scans the computer for malicious files and deletes them.
Save the report (copy and paste into Notepad and save as a .txt file) to post a copy for review.

Step 11:
Double click the CWShredder icon to run the program
-Next, click on the: ‘Fix’ button
Follow the prompts, and press OK

Step 12:
Double-click the Cleanup! icon to run the program
-Click: Options (right side)
-In the Quick SetUp area, move the arrow to: Custom CleanUp!
-Only check the following:
--Empty Recycle Bin
--Delete Prefetch files
--Scan local drives for temporary files
--Cleanup! All Users

Click: OK
Click the CleanUp button and let the program run.
Close the program when done.

Step 13:
Run EWIDO
Click on the Scanner button in the left menu
Next, click on: Complete System Scan
The scan may find malware entries and request action to clean up. Agree.
However, if EWIDO finds something that you know is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), do not check: Perform action with all infections. If you are unsure of an entry, select None as the action for the time being.
Once the scan has completed, click: Save Report
Save the report to the EWIDO folder

Step 14:
Copy all the files below (CTRL+C) and paste (CTRL+V) them to Notepad
(Start > Programs > Accessories > Notepad):

C:\WINDOXP\irhgx.dll
C:\WINDOXP\system32\msblank.html
C:\WINDOXP\system32\sysio.exe
C:\WINDOXP\System32\spoolsrv32.exe
C:\WINDOXP\syswi.exe


Double-click on Killbox.exe to run it.
At the main screen of KillBox, select the option: Delete on Reboot
Open the Notepad file saved earlier and copy the files to the clipboard
(Highlight all (Ctrl+A) and Copy (Ctrl+C)).

In Killbox, go to the File menu, and choose: Paste from Clipboard
Then select: All Files (button)
Now, press the button with a red circle and a white X (Delete File button)
KillBox will alert you the files will be deleted on next reboot, click Yes
When asked to Reboot, select Yes

Step 15:
Last, run HijackThis and Scan. Save its log.

Please post the following:
The About Buster log from Step 10
The EWIDO report from step 13
A new HijackThis log from step 15

#5 jvonderh


Posted 23 January 2006 - 10:37 PM

Once again, thank you for your time and help. The Aboutbuster did not offer to save a log, and so I am not able to post that for you. I did run it again, and nothing came up. EWIDO report: (very long!)
: Cleaned with backup HKLM\SOFTWARE\WinTools\kydmzylki -> Spyware.WebSearch : Cleaned with backup HKLM\SOFTWARE\WinTools\nlibjhin -> Spyware.WebSearch : Cleaned with backup HKLM\SOFTWARE\WinTools\nlibx4m -> Spyware.WebSearch : Cleaned with backup HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc -> Spyware.WebSearch : Cleaned with backup HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc\Enum -> Spyware.WebSearch : Cleaned with backup HKU\S-1-5-21-1214440339-1682526488-1060284298-1003\Software\LocalNRD -> Spyware.BetterInternet : Cleaned with backup HKU\S-1-5-21-1214440339-1682526488-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00320615-B6C2-40A6-8F99-F1C52D674FAD} -> Spyware.Transponder : Cleaned with backup HKU\S-1-5-21-1214440339-1682526488-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup HKU\S-1-5-21-1214440339-1682526488-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup HKU\S-1-5-21-1214440339-1682526488-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Yun -> Spyware.CoolWebSearch : Cleaned with backup HKU\S-1-5-21-1214440339-1682526488-1060284298-1003\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup HKU\S-1-5-21-1214440339-1682526488-1060284298-1003\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup HKU\S-1-5-21-1214440339-1682526488-1060284298-1003\Software\SNO2 -> Adware.SpySheriff : Cleaned with backup HKU\S-1-5-21-1214440339-1682526488-1060284298-1003\Software\WinTools -> Spyware.WebSearch : Cleaned with backup HKU\S-1-5-21-1214440339-1682526488-1060284298-1003\Software\WinTools\URLSearchHooks -> Spyware.WebSearch : Cleaned with backup C:\winstall.exe -> Trojan.Small : Cleaned with backup C:\WINDOWS\Downloaded Program Files\flash.inf -> Adware.BetterInternet : Cleaned with backup 
C:\WINDOWS\SYSTEM\BDERastDx6_30002.dll -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\SYSTEM\bdeinstall.exe -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\SYSTEM\bde3d_ref2.dll -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\SYSTEM\bdeinsta25.dll -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\SYSTEM\bdeverify.exe -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\SYSTEM\bdeverify.dll -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\SYSTEM\chktrust.exe -> Spyware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM\BDESac10.dll -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\SYSTEM\bdeload.dll -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\SYSTEM32\prmonuil.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\racerptt.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\ogmanl.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\TR9DGAAA.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\sbeziers.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\insockw.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\bscriptv.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\olehlpx.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\pxrtmgri.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\exdl.exe -> Adware.eXact : Cleaned with backup C:\WINDOWS\SYSTEM32\dhcpm.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\sxml3m.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\asrecsti.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\3dxofd.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\mdmxfrmu.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\eaStorm3DS.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\deshared.exe -> Downloader.Vb.ca : Cleaned with backup 
C:\WINDOWS\SYSTEM32\msystemm.exe -> Trojan.Revop.b : Cleaned with backup C:\WINDOWS\SYSTEM32\tio411n.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\sfinsth.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\pxsapi.exe -> Trojan.Revop.b : Cleaned with backup C:\WINDOWS\SYSTEM32\lecnv32o.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\a.exe -> Logger.Briss.e : Cleaned with backup C:\WINDOWS\SYSTEM32\pvft.exe -> Downloader.PurityScan.i : Cleaned with backup C:\WINDOWS\SYSTEM32\qoam.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\msbe.dll -> Spyware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\dmc.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\ecupds.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\msiefr40.dll -> Spyware.Cash : Cleaned with backup C:\WINDOWS\SYSTEM32\nvms.dll -> Spyware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\msbb321.dll -> Spyware.180Solutions : Cleaned with backup C:\WINDOWS\SYSTEM32\bdpl1k.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\ciman32d.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\bridge.dll -> Logger.Briss.i : Cleaned with backup C:\WINDOWS\SYSTEM32\pnsvrd.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\dbopue.exe -> Downloader.Agent.ae : Cleaned with backup C:\WINDOWS\SYSTEM32\mscb.dll -> Spyware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\in10b6s.dll -> Adware.eZula : Cleaned with backup C:\WINDOWS\SYSTEM32\SWRT01.dll -> Spyware.VirtualBouncer : Cleaned with backup C:\WINDOWS\SYSTEM32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\apuc.dll -> Spyware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\TIICDXXA.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\SWLAD2.dll -> Spyware.VirtualBouncer : Cleaned with backup C:\WINDOWS\SYSTEM32\biC.exe/bi.dll -> Spyware.BiSpy : Error during cleaning 
C:\WINDOWS\SYSTEM32\biC.exe/biprep.exe -> Trojan.Bispy.B : Error during cleaning C:\WINDOWS\SYSTEM32\biC.exe/bi.dll -> Spyware.BiSpy : Error during cleaning C:\WINDOWS\SYSTEM32\biC.exe/biprep.exe -> Trojan.Bispy.B : Error during cleaning C:\WINDOWS\SYSTEM32\apit.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\mobho.dll -> Spyware.WurldMedia : Cleaned with backup C:\WINDOWS\SYSTEM32\ATPartners.dll -> Downloader.Rameh.c : Cleaned with backup C:\WINDOWS\SYSTEM32\embioso.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\_1252c.exe -> Trojan.Revop.b : Cleaned with backup C:\WINDOWS\SYSTEM32\mddspk.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\BO2809040510.exe -> Spyware.VirtualBouncer : Cleaned with backup C:\WINDOWS\SYSTEM32\WebRebates.exe -> Spyware.WebRebates.g : Cleaned with backup C:\WINDOWS\SYSTEM32\SWLAD1.dll -> Spyware.VirtualBouncer : Cleaned with backup C:\WINDOWS\SYSTEM32\PopOops2.dll -> Spyware.VirtualBouncer : Cleaned with backup C:\WINDOWS\SYSTEM32\PopOops.dll -> Spyware.VirtualBouncer : Cleaned with backup C:\WINDOWS\SYSTEM32\rintuip.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\ukatiClientInstallerT.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\eyboardk.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\SYSTEM32\mcm.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\msbb.exe -> Spyware.180Solutions : Cleaned with backup C:\WINDOWS\SYSTEM32\SHAgentNew.dll -> Spyware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\dvpacka.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\SYSTEM32\_1250c.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\dcr.exe -> Spyware.180Solutions : Cleaned with backup C:\WINDOWS\nem214.dll -> Downloader.Dyfuca.j : Cleaned with backup C:\WINDOWS\actulice.exe -> Trojan.Revop.b : Cleaned with backup C:\WINDOWS\bi.dll -> Trojan.Bispy.A : Cleaned with backup C:\WINDOWS\Belt.exe -> Downloader.Stubby.a : 
Cleaned with backup C:\WINDOWS\emsw.exe -> Spyware.HelpExpress : Cleaned with backup C:\WINDOWS\BDE\Cache\bdedetect1.dll -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\BDE\bdeplayer2.dll -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\BDE\BDEEngine2.dll -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\BDE\bdeimage.dll -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\BDE\npbdplay2.dll -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\BDE\bdeviewer.exe -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\wsem217.dll -> Downloader.Dyfuca.cn : Cleaned with backup C:\WINDOWS\pup.exe -> Downloader.Vb.ca : Cleaned with backup C:\WINDOWS\UnstSA2.exe -> Dropper.Delf.z : Cleaned with backup C:\WINDOWS\nem216.dll -> Downloader.Dyfuca.bx : Cleaned with backup C:\WINDOWS\bookmarks.exe -> Spyware.Hijacker.Generic : Cleaned with backup C:\WINDOWS\2_0_1browserhelper2.dll -> Spyware.Hijacker.Generic : Cleaned with backup C:\WINDOWS\uptodate.exe -> Downloader.Braidupdate.c : Cleaned with backup C:\WINDOWS\rico.exe -> Downloader.VB.dx : Cleaned with backup C:\WINDOWS\03wu26rd.exe -> Spyware.F1Organizer : Cleaned with backup C:\WINDOWS\wupdt.exe -> Downloader.Intexp : Cleaned with backup C:\WINDOWS\96wu19rd.exe -> Spyware.F1Organizer : Cleaned with backup C:\WINDOWS\biprep.exe -> Trojan.Bispy.B : Cleaned with backup C:\WINDOWS\nem219.dll -> Downloader.Dyfuca : Cleaned with backup C:\WINDOWS\systb.exe/systb.dll -> Spyware.ImiBar : Error during cleaning C:\WINDOWS\polmx2.exe -> Downloader.Agent.ae : Cleaned with backup C:\WINDOWS\systb.dll -> Spyware.ImiBar : Cleaned with backup C:\WINDOWS\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup C:\WINDOWS\wsem301.dll -> Downloader.Dyfuca.dd : Cleaned with backup C:\WINDOWS\rundll16.exe -> Spyware.BrowserAid : Cleaned with backup C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup C:\Program Files\Common Files\WinTools\WToolsA.exe -> Spyware.Wintools : 
Cleaned with backup C:\Program Files\Common Files\WinTools\WSup.exe -> Spyware.Wintools : Cleaned with backup C:\Program Files\Common Files\WinTools\WToolsB.dll -> Spyware.Wintol : Cleaned with backup C:\Program Files\Common Files\WinTools\WToolsS.exe -> Downloader.Wintool.f : Cleaned with backup C:\Program Files\Internet Explorer\setup.exe -> Dropper.Bridge : Cleaned with backup C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup C:\Program Files\SpySheriff -> Spyware.SpySheriff : Cleaned with backup C:\Program Files\SpySheriff\Uninstall.exe -> Spyware.SpySheriff : Cleaned with backup C:\Program Files\SpySheriff\SpySheriff.exe -> Spyware.SpySheriff : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp\AdDestroyer.exe -> Adware.VirtualBouncer : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp\jvonderh\Download\HXIUL.EXE -> Spyware.HelpExpress : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp\jvonderh\Download\HXDL.EXE -> Spyware.HelpExpress : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp\jvonderh\Download\CLIENT.CAB/HelpExp.exe -> Spyware.HelpExpress : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp\jvonderh\HXIUL.EXE -> Spyware.HelpExpress : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp\jvonderh\HXDL.EXE -> Spyware.HelpExpress : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp\jvonderh\Client\HelpExp.exe -> Spyware.HelpExpress : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp\TvmBho.dll -> Spyware.TotalVelocity : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp\TvmCore.dll -> Spyware.TotalVelocity : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp\Tvm.exe -> Spyware.TotalVelocity : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp\optimize.exe 
-> Downloader.Dyfuca.cy : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp\IncFindBHO.dll -> Downloader.Keenval.e : Cleaned with backup C:\Program Files\WinHound -> Adware.WinHound : Cleaned with backup C:\Program Files\WinHound\Trash -> Adware.WinHound : Cleaned with backup C:\Program Files\Web Offer -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\UNWISE.EXE -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\apev.exe -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\wndbannnp.src -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\versionp.vrn -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\basisp.dst -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\basisp.kwd -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\basisp.pu -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\basisp.rst -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\CHPON.dll -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\eapbh.dll -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\gendis.ez -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\wo.exe -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\paramp.ez -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\rwdsp.rst -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\sepng.dll -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\upgradep.vrn -> Adware.eZula : Cleaned with backup C:\Program Files\Web Offer\INSTALL.LOG -> Adware.eZula : Cleaned with backup C:\Program Files\Signwarntick\wipe.exe -> Dropper.Small.fl : Cleaned with backup C:\Program Files\Signwarntick\gipbhxio.exe -> Downloader.Swizzor.w : Cleaned with backup C:\Program Files\Signwarntick\abqfsbzv.exe -> Downloader.Swizzor.w : Cleaned with backup C:\Program Files\Signwarntick\qwoobzko.exe -> Downloader.Swizzor.ay : Cleaned with backup 
C:\Program Files\Signwarntick\spam mix ref eggs.exe -> Spyware.Lop : Cleaned with backup C:\Program Files\Signwarntick\SkipUpThis.exe -> Spyware.Lop : Cleaned with backup C:\Program Files\WebSavingsfromEbates -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\a.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\b.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\ba.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bb.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bc.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bd.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\be.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bf.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bg.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bh.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bi.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bj.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bk.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bl.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bm.class -> Adware.MoneyMaker : Cleaned with backup C:\Program 
Files\WebSavingsfromEbates\System\Code\bn.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bo.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bp.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bq.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\br.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bs.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bt.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bu.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bv.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bw.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bx.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\by.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\bz.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\c.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\ca.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cb.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cc.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cd.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\ce.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cf.class -> 
Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cg.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\ch.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\ci.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cj.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\ck.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cl.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cm.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cn.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\co.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cp.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cq.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cr.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cs.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\ct.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cu.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cv.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cw.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cx.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\cy.class -> Adware.MoneyMaker : Cleaned with backup C:\Program 
Files\WebSavingsfromEbates\System\Code\cz.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\d.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\da.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\db.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dc.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dd.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\de.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\df.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dg.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dh.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\di.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dj.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dk.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dl.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dn.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dp.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dq.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dr.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\ds.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dt.class -> 
Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\du.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dv.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dw.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dy.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\dz.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\e.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\ea.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\eb.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\ec.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\ed.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\f.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\g.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\h.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\i.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\j.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\k.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\l.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\m.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\Main.class -> Adware.MoneyMaker : Cleaned with backup C:\Program 
Files\WebSavingsfromEbates\System\Code\n.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\o.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\p.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\q.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\r.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\s.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\t.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\u.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\v.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\w.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\x.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Code\y.class -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\System -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\System\browsers.dls -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\System\loader.dls -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\System\personality.dls -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\System\shopping.dls -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\System\system.dls -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Html -> Adware.MoneyMaker : Cleaned with backup C:\Program 
Files\WebSavingsfromEbates\System\Html\ebateswebsavings_confirmredir0.htm -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Html\ebateswebsavings_preferences0.htm -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Html\ebateswebsavings_script0.htm -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Html\topmoxie_conflicts2.htm -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Html\topmoxie_proxy.htm -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Html\couponsandoffers_script0.htm -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Html\couponsandoffers_preferences2.htm -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Html\couponsandoffers_offer3.htm -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Html\couponsandoffers_agreement2.htm -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Html\couponsandoffers_about2.htm -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Images -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Images\ebateswebsavings_button_submit.gif -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Images\ebateswebsavings_ebates.gif -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Images\p.gif -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Temp -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Temp\dump.txt -> Adware.MoneyMaker : Cleaned with backup C:\Program Files\WebSavingsfromEbates\System\Temp\run.txt -> Adware.MoneyMaker : Cleaned with backup C:\Program 
Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0_wo.htm -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_preferences0.htm -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_preferences0_wo.htm -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_confirmredir0.htm -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_confirmredir0_wo.htm -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\MTemp -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\MTemp\logfile.txt -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\MTemp\lock.txt -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\Applications -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\Applications\ebateswebsavingsdr1.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\Applications\ebatesdatamerchCust.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\Applications\cmpck.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\WebSavings_README.txt -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.inf -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\jvonderh -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\jvonderh\ebateswebsavingsdr1data.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\jvonderh\dataexcludeebateswebsavingsdr1saved.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\systemdata.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\systemdata1.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\updates.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\merchants.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\Administrator -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\Administrator\ebateswebsavingsdr1data.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\Administrator\dataexcludeebateswebsavingsdr1saved.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates1.exe -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\NaviSearch -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\NaviSearch\bin -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\NaviSearch\bin\nls.exe -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\NaviSearch\Uninstall.exe -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\NaviSearch\ad.dat -> Adware.BargainBuddy : Cleaned with backup
C:\kindlist.exe -> Downloader.Swizzor.ct : Cleaned with backup
C:\updaterInstall_112.exe -> Downloader.Keenval : Cleaned with backup
C:\Documents and Settings\Jarod\Local Settings\Temp\Cookies\jarod@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jarod\Local Settings\Temp\Cookies\jarod@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jarod\Local Settings\Temp\Cookies\jarod@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jarod\Desktop\Hijackthis\backups\backup-20060123-203003-472.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Jarod\Desktop\Hijackthis\backups\backup-20060123-203003-446.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Jarod\Desktop\Hijackthis\backups\backup-20060123-203003-553.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Jarod\Desktop\Hijackthis\backups\backup-20060123-203003-150.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Jarod\Desktop\Hijackthis\backups\backup-20060123-203003-624.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Jarod\Desktop\Hijackthis\backups\backup-20060123-203003-408.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Jarod\Desktop\Hijackthis\backups\backup-20060123-203003-849.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Jarod\Desktop\Hijackthis\backups\backup-20060123-203003-537.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Jarod\Desktop\Hijackthis\backups\backup-20060123-203003-358.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Jarod\Desktop\Hijackthis\backups\backup-20060123-203003-980.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Jarod\Cookies\jarod@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jarod\Cookies\jarod@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Jarod\

#6 jvonderh


Posted 23 January 2006 - 10:41 PM

Apparently it would not all fit on one posting: (continued)

:mozilla.59:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Jarod\Application Data\Mozilla\Profiles\default\jn9tzonm.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Jarod\Application Data\Mozilla\Profiles\default\jn9tzonm.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Jarod\Application Data\Mozilla\Profiles\default\jn9tzonm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Jarod\Application Data\Mozilla\Profiles\default\jn9tzonm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Jarod\Application Data\Mozilla\Profiles\default\jn9tzonm.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Jarod\Application Data\Mozilla\Profiles\default\jn9tzonm.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jarod\Application Data\Mozilla\Profiles\default\jn9tzonm.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jarod\Application Data\Mozilla\Profiles\default\jn9tzonm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jarod\Application Data\Mozilla\Profiles\default\jn9tzonm.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Jarod\Application Data\Mozilla\Profiles\default\jn9tzonm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Jarod\Application Data\Mozilla\Profiles\default\jn9tzonm.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Jarod\Application Data\Mozilla\Profiles\default\jn9tzonm.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-51482cd5-7cb7dc3a.class -> Trojan.ClassLoader.c : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-321c0313-4859496f.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-5f18e8e9-1620b2b1.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-4076fba6-15727135.class -> Trojan.ClassLoader.c : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-2a813648-7d99bb79.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-3d9b269e-67dc37f7.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-6c6d9966-29ebd3bd.class -> Trojan.Java.ClassLoader.f : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-50ce8e10-52208a90.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-37171b66-1ba16be1.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-6b73bdc9-47dc29e0.class -> Trojan.Java.ClassLoader.f : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-b527c8d-39ff464d.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-22db7823-48ccc64c.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-6a63ebcb-4d824cdb.class -> Trojan.Femad : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-3547ef9-64fee4ea.class -> Trojan.ClassLoader.c : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-7a27028f-23b6a2af.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-1170765-373d961f.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-1b556e7a-3cc26f83.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-73b5bf49-72cf3c93.class -> Trojan.ClassLoader.c : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-67883689-6e01caf4.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-1413d39f-57f3994a.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-1b82546-3f4b5194.class -> Trojan.ClassLoader.c : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-41eed9ac-6123cf32.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-5d2e5082-2ef7494a.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-c45e28d-498f4797.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-682b5945-7eda5ed5.class -> Trojan.ClassLoader.c : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-68163b6d-271e19e3.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-7b08a183-2bbc4497.class -> Trojan.Byteverify : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0046095.exe -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0046096.exe -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0046101.exe -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0046102.dll -> Downloader.Agent.abe : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0046106.exe -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0046107.exe -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0046108.exe -> Downloader.Small.bgv : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0046109.EXE -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047124.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047125.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047126.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047127.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047128.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047129.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047130.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047131.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047132.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047133.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047134.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047135.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047136.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047137.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047138.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047139.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047140.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047141.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047142.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047143.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047144.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047145.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047146.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047147.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047148.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047149.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047150.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047151.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047152.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047153.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047154.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047155.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047156.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047157.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047158.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047159.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047160.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047161.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047162.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047163.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047165.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047166.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047167.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047169.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047170.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047171.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047172.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047173.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047174.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047175.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047176.dll -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047177.dll -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{A097682F-EE0B-4F99-90A5-FF1D8319296E}\RP333\A0047178.dll -> Hijacker.Small : Cleaned with backup
C:\WINDOXP\system32\winupd.exe -> Dropper.Small.ig : Cleaned with backup
C:\WINDOXP\system32\ADV.dll -> Spyware.Tubby : Cleaned with backup
C:\WINDOXP\system32\newdevin.exe -> Spyware.BookedSpace.c : Cleaned with backup
C:\WINDOXP\system32\06wu29rd.exe -> Spyware.F1Organizer : Cleaned with backup
C:\WINDOXP\system32\ldr962.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOXP\system32\ldr48.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOXP\system32\run483.exe -> Downloader.Small.cat : Cleaned with backup
C:\WINDOXP\system32\ldr376.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOXP\system32\upd463.exe -> Downloader.Small.bgv : Cleaned with backup
C:\WINDOXP\system32\upd34.exe -> Dropper.Agent.ii : Cleaned with backup
C:\WINDOXP\system32\in10b6s.dll -> Dropper.Mudrop.m : Cleaned with backup
C:\WINDOXP\system32\upd482.exe -> Downloader.Agent.zx : Cleaned with backup
C:\WINDOXP\system32\oleext.dll -> Trojan.Small.ev : Cleaned with backup
C:\WINDOXP\system32\upd629.exe -> Downloader.Small.bgv : Cleaned with backup
C:\WINDOXP\system32\mspostsp.exe -> Trojan.Inject.i : Cleaned with backup
C:\WINDOXP\system32\ll.exe -> Proxy.Lager.f : Cleaned with backup
C:\WINDOXP\system32\upd302.exe -> Dropper.Agent.ii : Cleaned with backup
C:\WINDOXP\system32\upd459.exe -> Downloader.Agent.zx : Cleaned with backup
C:\WINDOXP\system32\upd315.exe -> Downloader.Agent.zx : Cleaned with backup
C:\WINDOXP\system32\srpcsrv32.dll -> Downloader.Adload.g : Cleaned with backup
C:\WINDOXP\system32\sywsvcs.exe -> Proxy.Lager.f : Cleaned with backup
C:\WINDOXP\system32\Nmojhn32.exe -> Backdoor.Padodor.ax : Cleaned with backup
C:\WINDOXP\system32\666.exe -> Downloader.Small : Cleaned with backup
C:\WINDOXP\system32\upd768.exe -> Downloader.Small.bgv : Cleaned with backup
C:\WINDOXP\system32\upd956.exe -> Downloader.Small.bpz : Cleaned with backup
C:\WINDOXP\system32\sdfdil.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOXP\system32\dial32.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOXP\system32\upd355.exe -> Downloader.Small.bpz : Cleaned with backup
C:\WINDOXP\system32\upd86.exe -> Downloader.Small.bpz : Cleaned with backup
C:\WINDOXP\system32\Lcaejljd.dll -> Backdoor.Padodor : Cleaned with backup
C:\WINDOXP\system32\winctrl64.exe -> Downloader.Small.awa : Cleaned with backup
C:\WINDOXP\system32\SplWbr.dll -> Dropper.Mudrop.m : Cleaned with backup
C:\WINDOXP\system32\ezPopStub.exe -> Adware.eZula : Cleaned with backup
C:\WINDOXP\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOXP\system32\k404SearchSetup_MS14.exe -> Spyware.404Search : Cleaned with backup
C:\WINDOXP\system32\winctrl16.exe -> Downloader.Small : Cleaned with backup
C:\WINDOXP\system32\dun.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOXP\system32\Royzar.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOXP\system32\HookPopup.dll -> Spyware.DealHelper : Cleaned with backup
C:\WINDOXP\systb.exe/systb.dll -> Spyware.ImiBar : Error during cleaning
C:\WINDOXP\Downloaded Program Files\WebP2PInstaller.dll -> Downloader.WebP2PInstaller : Cleaned with backup
C:\WINDOXP\Downloaded Program Files\gsda.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOXP\bsx32 -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\OPPR3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\XTFL2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ADVC5.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\FINC5.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ADVCTX2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ADBN3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\TMP3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\INK1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIR21184.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIPF1965.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\BID1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\BingoRoom1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\MOVS2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\CASH2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\HERBS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ADTMI1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\CARD2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\EML1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIS24110.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIS31590.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\TRVL6.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\HOGAR3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\HEBE3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\FINC3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\UTONE2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\MORT4.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\FMND1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIRE20082.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\FLWR1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\DATE4.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\FAST1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\JOBS4.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\CARS3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIT26116.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\AUTOS2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIW11211.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIWS3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\VENUE1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\NEWS2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\SHOP2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\TECH2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIOT25456.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIOG19375.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIM9740.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASILS29399.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIL18549.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASII21469.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIH7853.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIH21180.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIGT10102.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIG21943.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIFWH29233.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIF4502.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIFA15376.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIF29819.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIE17070.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASID12180.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIC29667.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIB9894.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIT17011.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\ASIM4381.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\bsx32\WWW3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOXP\woinstall.exe -> Adware.eZula : Cleaned with backup
C:\WINDOXP\wsem301.dll -> Downloader.Dyfuca.dd : Cleaned with backup
C:\WINDOXP\localNRD.dll -> Spyware.BiSpy : Cleaned with backup
C:\WINDOXP\preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOXP\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOXP\multimpp.dll -> Spyware.BiSpy : Cleaned with backup
C:\WINDOXP\preInMPP.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOXP\desktop.html -> Hijacker.Generic : Cleaned with backup


::Report End

Here is the new Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:27:33 PM, on 1/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOXP\System32\smss.exe
C:\WINDOXP\system32\winlogon.exe
C:\WINDOXP\system32\services.exe
C:\WINDOXP\system32\lsass.exe
C:\WINDOXP\system32\svchost.exe
C:\WINDOXP\System32\svchost.exe
C:\WINDOXP\Explorer.EXE
C:\WINDOXP\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOXP\system32\wuauclt.exe
C:\Documents and Settings\Jarod\Desktop\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} - C:\WINDOXP\system32\wer5760.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aous] "C:\Program Files\csnu\sslp.exe" -vt mtx
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOXP\system32\Lcaejljd.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

#7 FZWG

Posted 24 January 2006 - 02:53 PM

Much better!!

Run HijackThis once again, and Scan
Check box for:

O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} - C:\WINDOXP\system32\wer5760.dll

O4 - HKCU\..\Run: [Aous] "C:\Program Files\csnu\sslp.exe" -vt mtx

O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)

O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOXP\system32\Lcaejljd.dll (file missing)

Select: Fix Checked

Reboot to Safe Mode.

Search for and remove the following folder (bold):
C:\Program Files\csnu

Copy all the files below (CTRL+C) and paste (CTRL+V) them to Notepad
(Start > Programs > Accessories > Notepad):

C:\WINDOXP\system32\wer5760.dll
C:\WINDOXP\system32\Lcaejljd.dll
C:\WINDOWS\SYSTEM32\biC.exe/bi dll
C:\WINDOWS\SYSTEM32\biC.exe/biprep.exe
C:\WINDOWS\systb.exe/systb.dll


Double-click on Killbox.exe to run it.
At the main screen of KillBox, select the option: Delete on Reboot
Open the Notepad file saved earlier and copy the files to the clipboard
(Highlight all (Ctrl+A) and Copy (Ctrl+C)).

In Killbox, go to the File menu, and choose: Paste from Clipboard
Then select: All Files (button)
Now, press the button with a red circle and a white X (Delete File button)
KillBox will alert you that the files will be deleted on next reboot; click Yes
When asked to Reboot, select Yes

Run a Panda online ActiveScan
http://www.pandasoft.../activescan.htm

On the top right go to: Free Use ActiveScan
Select: Free online virus scan

In the prompt that appears: Panda ActiveScan, select the green button: Check Now! At no cost.

Follow the prompts, provide the required info, select: Scan Now!
Allow the ActiveX download.

Select a device to scan: Local Disks

Next, select: See Report
Then select: Save Report, and save it to a location where you can find the report.

Last, run HijackThis and Scan.

Please provide the ActiveScan report and a new HijackThis log in your response.
"June, 2007 Farethee Well"
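
The triage behind the steps above, as an added Python example that is not part of the original posts: it parses ewido report lines (`path -> detection : action`) and HijackThis entries, then lists detections the scanner could not clean and HijackThis entries that still point at missing or already-removed files. The function names are chosen here, and the sample input is a few lines taken from the logs in this thread.

```python
import re
from collections import Counter

# Sample input: a handful of lines taken from the ewido report and the
# follow-up HijackThis log posted in this thread.
EWIDO_REPORT = r"""
C:\WINDOXP\system32\Lcaejljd.dll -> Backdoor.Padodor : Cleaned with backup
C:\WINDOXP\system32\sywsvcs.exe -> Proxy.Lager.f : Cleaned with backup
C:\WINDOXP\systb.exe/systb.dll -> Spyware.ImiBar : Error during cleaning
C:\WINDOXP\desktop.html -> Hijacker.Generic : Cleaned with backup
::Report End
"""

HJT_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOXP\system32\Lcaejljd.dll (file missing)
"""

# ewido line: optional ":mozilla.N:" cookie prefix, then "path -> detection : action".
EWIDO_LINE = re.compile(
    r"^(?::mozilla\.\d+:)?(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$"
)
# HijackThis entry: section code such as R1, O4, O23, then " - " and the body.
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_ewido(report):
    """Return one dict (path, detection, action) per detection line."""
    entries = []
    for line in report.splitlines():
        m = EWIDO_LINE.match(line.strip())
        if m:  # headers and "::Report End" do not match and are skipped
            entries.append(m.groupdict())
    return entries


def not_cleaned(entries):
    """Detections the scanner reported but did not clean: manual follow-up."""
    return [e for e in entries if e["action"] != "Cleaned with backup"]


def family_counts(entries):
    """Count detections by the first component of the detection name."""
    return dict(Counter(e["detection"].split(".")[0] for e in entries))


def leftover_references(hjt_log, entries):
    """HijackThis entries that reference a missing or already-cleaned file.

    These are orphaned autostart or browser hooks: the payload is gone but
    the registry reference that loaded it is still present.
    """
    cleaned = [e["path"].lower() for e in entries
               if e["action"] == "Cleaned with backup"]
    findings = []
    for line in hjt_log.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        body = m.group("body").lower()
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("file missing")
        if any(path in body for path in cleaned):
            reasons.append("target removed by scanner")
        if reasons:
            findings.append((m.group("section"), reasons, line.strip()))
    return findings


if __name__ == "__main__":
    parsed = parse_ewido(EWIDO_REPORT)
    print("Detections by family:", family_counts(parsed))
    for e in not_cleaned(parsed):
        print("NOT CLEANED:", e["path"], "->", e["detection"], "(" + e["action"] + ")")
    for section, reasons, line in leftover_references(HJT_LOG, parsed):
        print("ORPHANED", section, reasons, "::", line)
```

On the sample, the only detection that was not cleaned is the `systb.exe/systb.dll` entry, and the only HijackThis entries reported are the O20 and O21 lines marked `(file missing)`.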

#8 jvonderh

Posted 24 January 2006 - 10:13 PM

ActiveScan report:

Incident | Status | Location
Adware:Adware/BuddyLinks | Not disinfected | C:\WINDOWS\Application Data\eshe.exe
Adware:Adware/PurityScan | Not disinfected | C:\WINDOWS\SYSTEM32\ncdtyn.dll
Adware:Adware/eZula | Not disinfected | C:\WINDOWS\SYSTEM32\ezstub.exe
Adware:Adware/Exact.SearchBar | Not disinfected | C:\WINDOWS\SYSTEM32\exul.exe
Adware:Adware/Transponder | Not disinfected | C:\WINDOWS\SYSTEM32\biC.exe
Adware:Adware/KeenValue | Not disinfected | C:\WINDOWS\SYSTEM32\setup_incred_8.exe
Adware:Adware/WurldMedia | Not disinfected | C:\WINDOWS\SYSTEM32\mostat.exe
Adware:Adware/ShoppingCommunity | Not disinfected | C:\WINDOWS\SYSTEM32\moconfig.exe
Adware:Adware/nCase | Not disinfected | C:\WINDOWS\SYSTEM32\SplWbr.dll
Adware:Adware/Lop | Not disinfected | C:\WINDOWS\All Users\Application Data\Bone Grim User Inter\Armyknob.exe
Adware:Adware/WinTools | Not disinfected | C:\WINDOWS\Key2.txt
Spyware:Spyware/BetterInet | Not disinfected | C:\WINDOWS\inf\biini.inf
Adware:Adware/SAHAgent | Not disinfected | C:\WINDOWS\inf\payload.inf
Spyware:Spyware/BetterInet | Not disinfected | C:\WINDOWS\inf\bi.inf
Adware:Adware/SAHAgent | Not disinfected | C:\WINDOWS\inf\biC.inf
Adware:Adware/Transponder | Not disinfected | C:\WINDOWS\inf\polmx2.inf
Adware:Adware/Imibar | Not disinfected | C:\WINDOWS\systb.exe
Adware:Adware/BrowserAid | Not disinfected | C:\WINDOWS\rundll16.dll
Adware:Adware/Lop | Not disinfected | C:\Program Files\MailNewLite\Gram Wave.exe
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[CMEIIAPI.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[CMESys.exe]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[GAppMgr.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[GController.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[GDwldEng.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[GMTProxy.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[GObjs.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[GStore.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[GStoreServer.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[Gtools.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[EGGCEngine.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[egIEEngine.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[EGNSEngine.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[GatorRes.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[GatorStubSetup.exe]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[GMT.exe]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[GIocl.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[GIoclClient.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081259900.zip[CMEIIAPI.to_be_deleted]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081308613.zip[EGIEProcess.dll]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081308613.zip[GUninstaller.exe]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081308613.zip[fsg_4104.exe]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081308613.zip[egIEEngine.to_be_deleted]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081308613.zip[EGNSEngine.to_be_deleted]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081308613.zip[EGGCEngine.to_be_deleted]
Adware:Adware/Gator | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081308613.zip[GatorRes.to_be_deleted]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081308613.zip[Setup_PerfectNav.exe]
Adware:Adware/WinActive | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040905225135733.zip[unbzip2s.dll]
Adware:Adware/WinActive | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040905225135733.zip[winactive.exe]
Spyware:Spyware/Altnet | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081325096.zip[adm.exe]
Spyware:Spyware/Altnet | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081325096.zip[adm4.dll]
Spyware:Spyware/Altnet | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081325096.zip[admdloader.dll]
Spyware:Spyware/Altnet | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081325096.zip[asm.exe]
Spyware:Spyware/Altnet | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081325096.zip[asmps.dll]
Spyware:Spyware/Altnet | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081325096.zip[admdloader.to_be_deleted]
Spyware:Spyware/Altnet | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081325096.zip[adm4.to_be_deleted]
Spyware:Spyware/Altnet | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081325096.zip[asm.to_be_deleted]
Spyware:Spyware/Altnet | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081325096.zip[asmps.to_be_deleted]
Spyware:Spyware/Altnet | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081325096.zip[sysdetect.dll]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081332096.zip[PerfectNav150c.dll]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081332096.zip[rvupdmgr.exe]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081332096.zip[simgr.exe]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081332096.zip[updmgr.exe]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081332096.zip[PerfectNav150c.to_be_deleted]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081332096.zip[PerfectNav150c.to_be_deleted_x]
Spyware:Spyware/BetterInet | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081332096.zip[data2.dat]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081332096.zip[updmgr.to_be_deleted]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081332096.zip[PerfectNav150c.to_be_deleted]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081336473.zip[PerfectNav150c.to_be_deleted]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081336473.zip[PerfectNav150c.to_be_deleted_x]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081336473.zip[updmgr.to_be_deleted_x]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081336473.zip[PerfectNav150c.to_be_deleted]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081337875.zip[PerfectNav150c.to_be_deleted]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081337875.zip[PerfectNav150c.to_be_deleted_x]
Adware:Adware/KeenValue | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081337875.zip[PerfectNav150c.to_be_deleted]
Adware:Adware/KeenValue Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081338806.zip[PerfectNav150c.to_be_deleted] Adware:Adware/KeenValue Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081338806.zip[PerfectNav150c.to_be_deleted_x] Adware:Adware/KeenValue Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040907081338806.zip[PerfectNav150c.to_be_deleted] Adware:Adware/KeenValue Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040907101635238.zip[PerfectNav150c.to_be_deleted] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[CMEIIAPI.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[CMESys.exe] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[GAppMgr.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[GController.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[GDwldEng.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[GMTProxy.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[GObjs.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[GStore.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[GStoreServer.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[Gtools.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[EGGCEngine.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[egIEEngine.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[EGNSEngine.dll] 
Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[GatorRes.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[GatorStubSetup.exe] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[GMT.exe] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[GIocl.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[GIoclClient.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082648897.zip[CMEIIAPI.to_be_deleted] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082708475.zip[EGIEProcess.dll] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082708475.zip[GUninstaller.exe] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082708475.zip[EGNSEngine.to_be_deleted] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082708475.zip[EGGCEngine.to_be_deleted] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082708475.zip[GatorRes.to_be_deleted] Adware:Adware/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040908082708475.zip[GMT.to_be_deleted] Spyware:Spyware/New.net Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040905225142884.zip[newdotnet6_30.dll] Spyware:Spyware/New.net Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040905225142884.zip[uninstall6_30.exe] Adware:Adware/IPInsight Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040905225144226.zip[alchem.exe] Adware:Adware/Twain-Tech Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040905225144927.zip[preInsMt.exe] Adware:Adware/KeenValue Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040905225146068.zip[delupdat.exe] 
Adware:Adware/KeenValue Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040905225146068.zip[sui.exe] Adware:Adware/KeenValue Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040905225146068.zip[wupdater.exe] Spyware:Spyware/BetterInet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040905225146068.zip[data1.dat] Spyware:Spyware/BetterInet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040905225146068.zip[data2.dat] Spyware:Spyware/BetterInet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20040905225146068.zip[data1Attempt.dat] Potentially unwanted tool:Application/SpyFighter Not disinfected C:\Program Files\SpyFighterPro\SpyFighter.exe Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\kindlist.exe Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\HopeAboutAtom.exe Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\klfjzohz.exe Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\sfiryjkt.exe Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\dyzzdhod.exe Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\Ballcashbyte.exe Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\hhcepjpa.exe Adware:Adware/TopMoxie Not disinfected C:\Program Files\couponsandoffers\couponsandoffers1.exe Adware:Adware/BHO Not disinfected C:\!KillBox\wer5760.dll Adware:adware/searchaid Not disinfected C:\Documents and Settings\Jarod\Favorites\Search the web.url Adware:Adware/BHO Not disinfected C:\Documents and Settings\Jarod\Desktop\Hijackthis\backups\backup-20060124-200024-812.dll Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jarod\Cookies\jarod@atdmt[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jarod\Cookies\jarod@doubleclick[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jarod\Cookies\jarod@advertising[2].txt Adware:adware/tvmedia Not disinfected C:\Documents and 
Settings\Jarod\Application Data\tvmknwrd.dll Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt[] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-440ad255-40c85974.zip[Mein.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-440ad255-40c85974.zip[ProbeLoader.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-440ad255-40c85974.zip[Dummy.class] Virus:Trojan Horse Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-440ad255-40c85974.zip[Beyond.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-144d4f03-2a8ccfcf.zip[BlackBox.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-144d4f03-2a8ccfcf.zip[VB.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-144d4f03-2a8ccfcf.zip[Dummy.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-144d4f03-2a8ccfcf.zip[Beyond.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-15d4ee4e-1f46d35c.zip[BlackBox.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-15d4ee4e-1f46d35c.zip[VB.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and 
Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-15d4ee4e-1f46d35c.zip[Dummy.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-15d4ee4e-1f46d35c.zip[Beyond.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1910af14-27aeaf68.zip[GetAccess.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1910af14-27aeaf68.zip[InsecureClassLoader.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1910af14-27aeaf68.zip[Dummy.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1910af14-27aeaf68.zip[Installer.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5ff69fe9-3fd8dd7d.zip[GetAccess.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5ff69fe9-3fd8dd7d.zip[InsecureClassLoader.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5ff69fe9-3fd8dd7d.zip[Dummy.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5ff69fe9-3fd8dd7d.zip[Installer.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1910af16-794e0dee.zip[GetAccess.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and 
Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1910af16-794e0dee.zip[InsecureClassLoader.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1910af16-794e0dee.zip[Dummy.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1910af16-794e0dee.zip[Installer.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4cb101cf-6a9aaf6c.zip[Dummy.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4cb101cf-6a9aaf6c.zip[GetAccess.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4cb101cf-6a9aaf6c.zip[InsecureClassLoader.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4cb101cf-6a9aaf6c.zip[Installer.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-146cfe50-43c8e9fa.zip[Counter.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-146cfe50-43c8e9fa.zip[Dummy.class] Virus:Trj/Shinwow.C Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-146cfe50-43c8e9fa.zip[Matrix.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\D

#9 jvonderh

Posted 24 January 2006 - 10:15 PM

ActiveScan Continued:

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:05:55 PM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOXP\System32\smss.exe
C:\WINDOXP\system32\winlogon.exe
C:\WINDOXP\system32\services.exe
C:\WINDOXP\system32\lsass.exe
C:\WINDOXP\system32\svchost.exe
C:\WINDOXP\System32\svchost.exe
C:\WINDOXP\Explorer.EXE
C:\WINDOXP\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Documents and Settings\Jarod\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iub.edu/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

#10 FZWG

Posted 25 January 2006 - 06:08 PM

The log looks good. Just one entry to remove.

Run HijackThis once again, Scan
Check box for:

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab

Select: Fix Checked

Need to clean up a bundle of stuff…

Once again double-click the Cleanup! program (downloaded earlier) icon to run the program
-Click: Options (right side)
-In the Quick SetUp area, move the arrow to: Custom CleanUp!
-Check the following:
--Delete Cookies
--Empty Recycle Bin
--Delete Prefetch files
--Scan local drives for temporary files
--Cleanup! All Users

Click: OK
Click the CleanUp button and let the program run.
Close the program when done.

Reboot.

Download AdAware SE from the following link:
http://www.majorgeek...ownload506.html
-Use the: Check for Updates Now option and download the latest reference files
-Use the Start button, and on the next window, select: Perform Full System Scan
-Uncheck: Search for negligible risk entries
-Press Next, and let Ad-aware scan the hard drive
-When finished, right-click the window with the entries, choose: Select All from the menu, and click Next.
-Once AdAware has removed the entries, close the program
Restart the computer

Now, let's put Spybot Search and Destroy to work.
Download the program from here:
http://www.majorgeek...wnload2471.html
-After installing the program, click on: Search for Updates
-Next, make sure all windows and browsers are closed, and select: Check for Problems

-Have Spybot remove all the items in RED by clicking on the button labeled: Fix Selected Problems
Reboot after Spybot is done



There is a Yahoo! Anti-Spy feature in the Yahoo! Toolbar.

If the system is working properly, go to C:\Program Files\Yahoo!\YPSR\Quarantine, and remove the files in Quarantine.



Run another Panda online ActiveScan
http://www.pandasoft.../activescan.htm

Select: See Report
Then select: Save Report and save to a location where you can find the report.

Please provide the ActiveScan report and a new HijackThis log in your response.

We’ll see what the ActiveScan shows, and then clean up whatever remains there.



Last, but not least, you need to install an AntiVirus program!!

There are free programs you can download:

Grisoft’s AVG Anti-virus Free Edition: http://free.grisoft.com/freeweb.php

avast! 4 Home: http://www.avast.com...ast_4_home.html

AntiVir Personal Edition: http://www.free-av.com/

Also, a FireWall would be helpful:
Zone Alarm has a free version:
http://www.zonelabs.....jsp?lid=nav_za

Two other good choices are:
Sygate http://smb.sygate.co...cts/spf_pro.htm
Kerio http://www.kerio.com/us/kpf_home.html
"June, 2007 Farethee Well"

#11 jvonderh

jvonderh

    New Member

  • New Member
  • 7 posts

Posted 25 January 2006 - 11:14 PM

Incident Status Location

Adware:Adware/eZula Not disinfected C:\WINDOWS\SYSTEM32\ezstub.exe
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\SYSTEM32\exul.exe
Adware:Adware/ShoppingCommunity Not disinfected C:\WINDOWS\SYSTEM32\moconfig.exe
Adware:Adware/nCase Not disinfected C:\WINDOWS\SYSTEM32\SplWbr.dll
Adware:Adware/Lop Not disinfected C:\WINDOWS\All Users\Application Data\Bone Grim User Inter\Armyknob.exe
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\biini.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\payload.inf
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\bi.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\biC.inf
Adware:Adware/Transponder Not disinfected C:\WINDOWS\inf\polmx2.inf
Spyware:Spyware/New.net Not disinfected C:\RECYCLED\Dc21.zip[newdotnet6_30.dll]
Spyware:Spyware/New.net Not disinfected C:\RECYCLED\Dc21.zip[uninstall6_30.exe]
Adware:Adware/Gator Not disinfected C:\RECYCLED\Dc32.zip[EGIEProcess.dll]
Adware:Adware/Gator Not disinfected C:\RECYCLED\Dc32.zip[GUninstaller.exe]
Adware:Adware/Gator Not disinfected C:\RECYCLED\Dc32.zip[EGNSEngine.to_be_deleted]
Adware:Adware/Gator Not disinfected C:\RECYCLED\Dc32.zip[EGGCEngine.to_be_deleted]
Adware:Adware/Gator Not disinfected C:\RECYCLED\Dc32.zip[GatorRes.to_be_deleted]
Adware:Adware/Gator Not disinfected C:\RECYCLED\Dc32.zip[GMT.to_be_deleted]
Adware:Adware/Lop Not disinfected C:\Program Files\MailNewLite\Gram Wave.exe
Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\kindlist.exe
Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\klfjzohz.exe
Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\sfiryjkt.exe
Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\dyzzdhod.exe
Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\Ballcashbyte.exe
Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\hhcepjpa.exe
Adware:Adware/BHO Not disinfected C:\!KillBox\wer5760.dll
Adware:Adware/BHO Not disinfected C:\Documents and Settings\Jarod\Desktop\Hijackthis\backups\backup-20060124-200024-812.dll
Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Jarod\Application Data\tvmknwrd.dll
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\default.nzx\cookies.txt[]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt[]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d45dd39-38593cff.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d45dd39-38593cff.zip[Installer.class]
Adware:adware/virtualbouncer Not disinfected C:\WINDOXP\system32\INNERADINSTALL.LOG
Adware:Adware/P2PNetworking Not disinfected C:\WINDOXP\system32\P2P Networking v126.cpl
Adware:adware/twain-tech Not disinfected C:\WINDOXP\inf\multimpp.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOXP\Downloaded Program Files\setup4002b.ini
Adware:adware/dealhelper Not disinfected C:\WINDOXP\dhdom1.bin

Logfile of HijackThis v1.99.1
Scan saved at 11:09:17 PM, on 1/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOXP\System32\smss.exe
C:\WINDOXP\system32\winlogon.exe
C:\WINDOXP\system32\services.exe
C:\WINDOXP\system32\lsass.exe
C:\WINDOXP\system32\svchost.exe
C:\WINDOXP\System32\svchost.exe
C:\WINDOXP\Explorer.EXE
C:\WINDOXP\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOXP\system32\wscntfy.exe
C:\WINDOXP\system32\sol.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Jarod\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iub.edu/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

#12 FZWG

FZWG

    R.I.P My Friend

  • Validating
  • 569 posts

Posted 27 January 2006 - 10:03 PM

Don’t see any malware on the log, however, >>>you need to install an AntiVirus program!!<<<

Some final cleanup for the ActiveScan entries:

Reboot to Safe Mode.
-Restart your computer
-When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu
-Select the option for Safe Mode using the arrow keys
-Press Enter to boot into Safe Mode

Search for and remove the following folders (bold):
C:\Program Files\MailNewLite
C:\WINDOWS\All Users\Application Data\Bone Grim User Inter
C:\Program Files\Signwarntick

Search for and remove the following files (bold):
C:\WINDOWS\SYSTEM32\ezstub.exe
C:\WINDOWS\SYSTEM32\exul.exe
C:\WINDOWS\SYSTEM32\moconfig.exe
C:\WINDOWS\SYSTEM32\SplWbr.dll
C:\WINDOWS\inf\biini.inf
C:\WINDOWS\inf\payload.inf
C:\WINDOWS\inf\bi.inf
C:\WINDOWS\inf\biC.inf
C:\WINDOWS\inf\polmx2.inf
C:\Documents and Settings\Jarod\Application Data\tvmknwrd.dll
C:\WINDOXP\system32\INNERADINSTALL.LOG
C:\WINDOXP\system32\P2P Networking v126.cpl
C:\WINDOXP\inf\multimpp.inf
C:\WINDOXP\Downloaded Program Files\setup4002b.ini
C:\WINDOXP\dhdom1.bin


Clear the Java Cache:
Go to Start > Control Panel > double-click: Java Plug-in
Select the Cache tab
Click: Clear

Empty the Recycle Bin

Reboot

If you are not having malware problems, you are good to go!

Make sure the viewing of Hidden Files and Folders, enabled earlier, is back to its normal settings.
Go back to it and use: Restore Default

Some suggestions to remain malware free:
Tony Klein’s article 'How Did I Get Infected In The First Place'
http://www.wildersse...ead.php?t=27971
Take a look at what the article has to offer and select the programs that suit your needs.

Also, the following are excellent programs that you may want to run on a regular basis:

Microsoft AntiSpyware:
http://www.microsoft...re/default.mspx

AdAware SE:
http://www.majorgeek...ownload506.html

Spybot Search and Destroy:
http://www.majorgeek...wnload2471.html

Thank you for your patience, and performing the procedures requested.
If you have any questions or comments, post back. Otherwise...

Good luck!!
"June, 2007 Farethee Well"
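
The cleanup steps in post #12 follow from sorting the ActiveScan report by where each detection lives. As an added example (not part of the thread and not any poster's tool), this Python parser reads rows in the report's `Category:Detection Status Location` layout and groups the affected paths by cleanup step; the bucket names and path rules are assumptions of the example, and the sample rows are copied from the report in post #11.

```python
import re
from collections import defaultdict

# Rows copied from the ActiveScan report in this thread (a subset, for the demo).
SAMPLE_REPORT = r"""Incident Status Location
Adware:Adware/eZula Not disinfected C:\WINDOWS\SYSTEM32\ezstub.exe
Adware:Adware/Gator Not disinfected C:\RECYCLED\Dc32.zip[EGIEProcess.dll]
Adware:Adware/Gator Not disinfected C:\RECYCLED\Dc32.zip[GUninstaller.exe]
Adware:Adware/Lop Not disinfected C:\Program Files\Signwarntick\kindlist.exe
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jarod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d45dd39-38593cff.zip[Installer.class]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Jarod\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt[]
Adware:Adware/BHO Not disinfected C:\!KillBox\wer5760.dll
"""

# kind:name, then free-text status, then a drive-letter path with an optional
# [member] suffix naming an item inside an archive or cookie file.
ROW = re.compile(
    r"^(?P<kind>\w+):(?P<name>\S+)\s+(?P<status>.+?)\s+"
    r"(?P<path>[A-Za-z]:\\.*?)(?:\[(?P<member>[^\]]*)\])?$"
)

# Bucket names and path rules are assumptions of this example; first match wins.
RULES = [
    ("empty_recycle_bin", lambda r: re.match(r"[a-z]:\\recycled\\", r["path"].lower())),
    ("clear_java_cache", lambda r: "\\java\\deployment\\cache\\" in r["path"].lower()),
    ("delete_cookies", lambda r: r["name"].lower().startswith("cookie/")),
    ("tool_backup", lambda r: "\\!killbox\\" in r["path"].lower()
                              or "\\hijackthis\\backups\\" in r["path"].lower()),
]

def parse_report(text):
    """Return one dict per detection row; header and blank lines are skipped."""
    matches = (ROW.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def cleanup_plan(text):
    """Group unique container paths by the cleanup step they fall under."""
    plan = defaultdict(list)
    for row in parse_report(text):
        bucket = next((name for name, test in RULES if test(row)), "manual_delete")
        if row["path"] not in plan[bucket]:
            plan[bucket].append(row["path"])
    return dict(plan)

if __name__ == "__main__":
    for step, paths in cleanup_plan(SAMPLE_REPORT).items():
        print(step, *paths, sep="\n    ")
```

Several detections inside one archive collapse to a single path, which is why the Recycle Bin and Java cache entries are handled by emptying the container rather than by deleting files one at a time.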

#13 FZWG

FZWG

    R.I.P My Friend

  • Validating
  • 569 posts

Posted 20 April 2006 - 08:46 PM

Solved
"June, 2007 Farethee Well"
