can't get rid of h91746.exe

Name: thedreamer
Date: April 12, 2006 at 22:09:46 Pacific
OS: xp pro
CPU/Ram: 512
Product: dell inspiron 2650
Comment:

File h91746.exe keeps coming back no matter how many times I delete it. An MS-DOS prompt pops up and there is another saying it has encountered an illegal instruction or something. Can someone help me get rid of it?




Response Number 1
Name: DSE
Date: April 13, 2006 at 00:15:02 Pacific
Reply:

You seem to be infected with Crystalys Media adware or its variant. Try going through these steps.



Response Number 2
Name: jabuck
Date: April 13, 2006 at 04:01:56 Pacific
Reply:

Please post a HijackThis log so that the files associated with the virus/spyware/hijacker can be identified. You can download HijackThis at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.

Once saved, double-click HijackThis.exe and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.



Response Number 3
Name: thedreamer
Date: April 13, 2006 at 04:29:55 Pacific
Reply:

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:28:10 AM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swsoc.exe
C:\JRun4\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\JRun4\bin\jrunsvc.exe
C:\JRun4\bin\jrunsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\JRun4\bin\jrun.exe
C:\JRun4\bin\jrun.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Daniel\LOCALS~1\Temp\bwgo0004cc90.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\win4B0.tmp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\DOCUME~1\Daniel\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.exe /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Lhuazmz] C:\Program Files\?racle\nslookup.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: bw+0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\JRun4\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\JRun4\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia JRun Admin Server - Macromedia Inc. - C:\JRun4\bin\jrunsvc.exe
O23 - Service: Macromedia JRun CFusion Server - Macromedia Inc. - C:\JRun4\bin\jrunsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.exe




Response Number 4
Name: jabuck
Date: April 13, 2006 at 16:27:48 Pacific
Reply:

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download Killbox to your desktop from this link: Killbox. We will need it later in safe mode.

Download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. We will need this later in safe mode.

Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.

Next, follow these directions to reboot into safe mode: Safe Mode

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

Navigate to C:\Program Files\?racle to get the real name of the folder. The ? mark can be any character but the rest of the folder name will be as it is. Post its name along with the Kaspersky log.




Response Number 5
Name: thedreamer
Date: April 13, 2006 at 19:58:21 Pacific
Reply:

Here is the copy of the report:

---------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, April 13, 2006 9:54:43 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 13/04/2006
Kaspersky Anti-Virus database records: 188036
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 103269
Number of viruses found: 23
Number of infected objects: 261
Number of suspicious objects: 0
Duration of the scan process: 02:56:40

Infected Object Name / Virus Name / Last Action
C:\data Infected: Trojan-Downloader.Win32.IstBar.nh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01DC0000.VBN Infected: Trojan-Downloader.Win32.IstBar.nj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07540000.VBN/Anarchist Cookbook-Special Limited Edition-Full-New-2005.exe/data.rar/setup.bat Infected: Trojan.BAT.Zapchast skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07540000.VBN/Anarchist Cookbook-Special Limited Edition-Full-New-2005.exe/data.rar/csrss.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07540000.VBN/Anarchist Cookbook-Special Limited Edition-Full-New-2005.exe/data.rar/services.exe Infected: Backdoor.Win32.Iroffer.14b2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07540000.VBN/Anarchist Cookbook-Special Limited Edition-Full-New-2005.exe/data.rar/ntauth.dll Infected: Backdoor.IRC.Zapchast skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07540000.VBN/Anarchist Cookbook-Special Limited Edition-Full-New-2005.exe/data.rar Infected: Backdoor.IRC.Zapchast skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07540000.VBN/Anarchist Cookbook-Special Limited Edition-Full-New-2005.exe Infected: Backdoor.IRC.Zapchast skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07540000.VBN ZIP: infected - 6 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07540000.VBN CryptZ: infected - 6 skipped
C:\Documents and Settings\Daniel\Application Data\АppPatch\cmd.exe Infected: Trojan-Downloader.Win32.PurityScan.w skipped
C:\Documents and Settings\Daniel\Local Settings\Temp\cli37B.tmp Infected: Trojan.Win32.Agent.qt skipped
C:\Documents and Settings\Daniel\Local Settings\Temp\gbikjbmc.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\Documents and Settings\Daniel\Local Settings\Temp\win37E.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped
C:\Documents and Settings\Daniel\Local Settings\Temp\win385.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped
C:\Documents and Settings\Daniel\Local Settings\Temp\win38B.tmp.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Documents and Settings\Daniel\Local Settings\Temp\win38B.tmp.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Documents and Settings\Daniel\Local Settings\Temp\win38B.tmp.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\KDERSLEJ\srviti[1].exe Infected: Trojan.Win32.Dialer.oy skipped
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\MJGRHMVE\rdgUS2404[1].exe Infected: Trojan-Downloader.Win32.Small.ayl skipped
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\O9A3CD2J\mypics[1].exe Infected: Backdoor.Win32.IRCBot.ct skipped
C:\Documents and Settings\Daniel\My Documents\Downloads\anubis handbook.zip/YSB_toolBar.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no skipped
C:\Documents and Settings\Daniel\My Documents\Downloads\anubis handbook.zip/YSB_toolBar.exe Infected: Trojan-Downloader.Win32.IstBar.no skipped
C:\Documents and Settings\Daniel\My Documents\Downloads\anubis handbook.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Daniel\My Documents\XoftSpy421_168.exe/data0013 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Daniel\My Documents\XoftSpy421_168.exe NSIS: infected - 1 skipped
C:\Program Files\BitTorrent\uninstall.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\BitTorrent\uninstall.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\BitTorrent\uninstall.exe NSIS: infected - 2 skipped
C:\Program Files\XoftSpy\uninstall.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\XoftSpy\uninstall.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8B9A8944-DC99-42AB-814C-E54676D2415D}\RP108\A0025274.exe/data0045 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{8B9A8944-DC99-42AB-814C-E54676D2415D}\RP108\A0025274.exe/data0046 Infected: not-a-virus:AdWare.Win32.Lop.ai skipped
C:\System Volume Information\_restore{8B9A8944-DC99-42AB-814C-E54676D2415D}\RP108\A0025274.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{8B9A8944-DC99-42AB-814C-E54676D2415D}\RP108\A0025315.exe/data0003 Infected: HackTool.Win32.VB.ao skipped
C:\System Volume Information\_restore{8B9A8944-DC99-42AB-814C-E54676D2415D}\RP108\A0025315.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{8B9A8944-DC99-42AB-814C-E54676D2415D}\RP108\A0025347.exe Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{8B9A8944-DC99-42AB-814C-E54676D2415D}\RP115\A0025539.exe Infected: Trojan-Downloader.Win32.Zlob.le skipped
C:\System Volume Information\_restore{8B9A8944-DC99-42AB-814C-E54676D2415D}\RP94\A0023684.exe Infected: HackTool.Win32.CrackSearch.a skipped
C:\WINDOWS\mtuninst.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u skipped
C:\WINDOWS\system32\oins.exe Infected: Trojan-Downloader.Win32.PurityScan.bt skipped
C:\WINDOWS\system32\winjvd32.dll Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\Temp\abalpcmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\adljfefd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\admdbbgd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\afennlid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\afjjniad.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\afpnpnpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\agbplnjd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\agikccid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ahhmkopd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\alhlbapd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ancmgcjd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\aoffejnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\aofkpmed.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bahbpdid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bbglhamd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bbgnllld.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bbkhgdhd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bdbfjmid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bdembjid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bgaepjld.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bgheookd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bgikniid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bhbcmdnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bhjecnfd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bjdibbnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bkajeced.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bkmiccld.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bmkcflfd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bohlggad.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bomcjbpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\bpgalnid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\cbbhgaid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ccnjmljd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ceggmdgd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\cfbcjfjd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\cfejjjmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\cgmckgid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\chnmojpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ciclghnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\cieeiged.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\cjdjkhed.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\cjglgnad.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\cjkmabid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\cjodfppd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ckklalnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\claolgjd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\cllbnejd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\cninfjhd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\cobccpld.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\dalddlmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\dcgfkfid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\dcpaalhd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ddfjefpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\dgbpaild.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\dglmiikd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\dhdhpghd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\dhgcebmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\didipknd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\djdlljid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\dkobmcpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\dmbahlkd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\dnapnled.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\dpnegpid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\eaahohkd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\eclhphpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ehgjfbnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ekmcjood.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ekmhmdid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\elllfnld.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\elodopfd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\emmhlcod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\enkcjlgd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ennbhmfd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\fapminod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\fclonnkd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ffcfjbkd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ffkobaod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\fgijhjjd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\fihjkkpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\fipldepd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\fjnagffd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\fkagaold.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\fmlhckid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\fokaljfd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\foppnmid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\fpebkkad.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\gacilpod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\gbbfehpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\gbcifogd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\gcadkdpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\gcfjeaod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\gcoichmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\gdbeijad.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\gdgionhd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\gfhoaeed.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ggcpjahd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ghhalnmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ghklkphd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\giplkmmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\gkloaipd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\glfbejmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\gljjblpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\gobhgimd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hblhbgpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hbllmind.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hccdchnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hdnamond.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hfmojeid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hgegbbod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hhnjnofd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hkieddmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hkpjfgld.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hlghcpod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hljcbmnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hmpjnfed.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hojmoeid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\hpiocpnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\iaoodapd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ibfdbemd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\icgbjjnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ieimaehd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\iejmjbmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\iemcppad.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ifcokmnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ifflchfd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\iiaflfmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ijehipkd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ijggbend.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ikahnpmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ilglbhid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\imjmkfgd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\incackjd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\incfkbhd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\iooicfhd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\jcadjfid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\jdjoegnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\jedimakd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\jemdikod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\jfbflnnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\jibkkjkd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\jihniaed.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\jmbpbeod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\jollgigd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\jomamjod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\jpffpnod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\kdlmdhad.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\kealadjd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\kfeeglid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\khgkgmod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\khjknfod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\kjcmnpmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\knibkend.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\knjipbod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\kojgjmjd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\laiihiod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lbgblhhd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lcbjbfkd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lcjnagfd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lecfgmpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lejlhkhd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lfbjfpid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ljepfpjd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ljfoemad.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ljmnpkmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lkgffdkd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\llbcoegd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lldfccnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lllhcgkd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lnnbebjd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lnpapfpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lnpiifnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lpldmnpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\lppacbpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\mafflohd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\mgpiabld.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\mhelfijd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\miknlmgd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\mlmadmkd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\mlnjljpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\mmconpmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\mnahpdld.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\mnfngald.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\mofmjipd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ncheined.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ndffnoad.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ndielgod.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\neacmgmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\nehnhhld.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\nelhdjgd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ngidpcnd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\nkapfpmd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\nlgcbked.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\oanlbpgd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\obbdmmhd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ociiehgd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ojecnkgd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\ojhmhekd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\olhfnafd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\olohbded.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\omnojcfd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\onhlejed.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\pbapjnid.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\pgbkdcgd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\phkgcmpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\phmhjkld.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\piaikemd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\piaofdpd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\pilgjifd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\pmhgpbfd.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Temp\win1095.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped
C:\WINDOWS\Temp\win1281.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped
C:\WINDOWS\Temp\win1F14.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped
C:\WINDOWS\Temp\win1F1B.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped
C:\WINDOWS\Temp\win286.tmp.exe Infected: Trojan-Downloader.Win32.IstBar.ff skipped
C:\WINDOWS\Temp\win2A1.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped
C:\WINDOWS\Temp\win2B.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped
C:\WINDOWS\Temp\win4B0.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped
C:\WINDOWS\Temp\win4BF.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped
C:\WINDOWS\Temp\win897.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped

Scan process completed.


I also looked for the folder and I didn't see one that contained oracle in the file name




Response Number 6
Name: jabuck
Date: April 13, 2006 at 20:39:52 Pacific
Reply:

Reboot into safe mode, run HT again, close all windows and browsers except HT, place a check to the left of the following items and press "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

O4 - HKCU\..\Run: [Lhuazmz] C:\Program Files\?racle\nslookup.exe

All the O18's but the last one

O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\JRun4\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\JRun4\verity\k2\common\verity.cfg" -ntstart 1 (file missing)

Start Killbox and place a tick next to [x] Delete on reboot. "Press the ALL Files button"
Copy this whole list into the Windows clipboard, all the bolded file paths below. Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\SYSTEM32\winjvd32.dll

C:\WINDOWS\mtuninst.exe

C:\WINDOWS\system32\oins.exe

Next in Killbox go to File > Paste from clipboard
"Click on the All Files button."
Next click on the button that has the red circle with the white X in the middle.
It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
Click Yes and let the computer reboot.

Run ATF Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run Ewido from safe mode. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.

Please reboot into normal mode and post the ewido log.

Post a new HT log.



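A way to cross-check the scan log against the delete list in Response Number 6, as an added example that is not part of any post in this thread: it groups detections by the file on disk (archive members after `/` are folded into their host file), lists detected files the Killbox list does not name so they can be checked against the later cleaner and scanner output, and flags path characters that a search for the plain name would miss. The sample lines, the `User` profile name and the function names are constructed for illustration.

```python
import re
import unicodedata

# Constructed sample: lines modelled on the scan log posted in this thread.
# The profile name is replaced, and <CYR-A> stands for U+0410, a Cyrillic
# letter that looks like Latin "A" (an assumption made for this example).
SAMPLE_LOG = r"""
C:\Documents and Settings\User\Application Data\<CYR-A>ppPatch\cmd.exe Infected: Trojan-Downloader.Win32.PurityScan.w skipped
C:\Documents and Settings\User\Local Settings\Temp\win38B.tmp.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Documents and Settings\User\Local Settings\Temp\win38B.tmp.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Documents and Settings\User\Local Settings\Temp\win38B.tmp.exe NSIS: infected - 2 skipped
C:\WINDOWS\mtuninst.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u skipped
C:\WINDOWS\system32\oins.exe Infected: Trojan-Downloader.Win32.PurityScan.bt skipped
C:\WINDOWS\system32\winjvd32.dll Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\Temp\abalpcmd.exe Infected: Trojan.Win32.Dialer.ay skipped
""".replace("<CYR-A>", "\u0410")

# The three paths given to Killbox in Response Number 6.
REMOVAL_LIST = [
    r"C:\WINDOWS\SYSTEM32\winjvd32.dll",
    r"C:\WINDOWS\mtuninst.exe",
    r"C:\WINDOWS\system32\oins.exe",
]

# "<path> Infected: <verdict> skipped"  -> one detection
DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
# "<path> NSIS: infected - 2 skipped"   -> per-container summary line
CONTAINER = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infected - \d+ skipped$")


def parse_scan_log(text):
    """Group detections by the file on disk that holds them."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        hit = DETECTION.match(line) or CONTAINER.match(line)
        if not hit:
            continue
        # Windows paths use "\", so "/" only separates archive members.
        host = hit["path"].split("/", 1)[0]
        entry = findings.setdefault(
            host.casefold(), {"path": host, "verdicts": set(), "container": None}
        )
        if "verdict" in hit.groupdict():
            entry["verdicts"].add(hit["verdict"])
        else:
            entry["container"] = hit["kind"]
    return findings


def not_covered(findings, removal_list):
    """Detected files that the removal list does not name (case-insensitive)."""
    listed = {p.casefold() for p in removal_list}
    return [findings[k]["path"] for k in sorted(findings) if k not in listed]


def odd_characters(path):
    """Characters that defeat a plain-text search for a folder name.

    Non-ASCII letters can imitate ASCII ones, and "?" is not a legal
    character in a Windows file name, so in a log it marks a character
    the tool could not render.
    """
    return [
        (ch, unicodedata.name(ch, "UNKNOWN"))
        for ch in path
        if ord(ch) > 127 or ch == "?"
    ]


if __name__ == "__main__":
    found = parse_scan_log(SAMPLE_LOG)
    print(f"{len(found)} files on disk carry detections")
    for path in not_covered(found, REMOVAL_LIST):
        note = odd_characters(path)
        suffix = f"  <- contains {note}" if note else ""
        print(f"not in delete list: {path}{suffix}")
```
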

Response Number 7
Name: thedreamer
Date: April 13, 2006 at 23:22:14 Pacific
Reply:

here is the ewido log


ewido anti-malware - Scan report


+ Created on: 12:41:47 AM, 4/14/2006
+ Report-Checksum: 9CF1902

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Adware.PurityScan : Cleaned with backup
C:\!KillBox\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\!KillBox\oins.exe -> Downloader.PurityScan.bt : Cleaned with backup
C:\!KillBox\winjvd32.dll -> Trojan.Agent.qt : Cleaned with backup
C:\data -> Downloader.IstBar.nh : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\sy6rvf2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Daniel\Application Data\АppPatch\cmd.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\Documents and Settings\Daniel\Local Settings\Temp\win37E.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Daniel\Local Settings\Temp\win385.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\O9A3CD2J\mypics[1].exe -> Backdoor.IRCBot.ct : Cleaned with backup
C:\WINDOWS\Temp\iaoodapd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ibfdbemd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\icgbjjnd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ieimaehd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\iejmjbmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\iemcppad.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ifcokmnd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ifflchfd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\iiaflfmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ijehipkd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ijggbend.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ikahnpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ilglbhid.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\imjmkfgd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\incackjd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\incfkbhd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\iooicfhd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jcadjfid.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jdjoegnd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jedimakd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jemdikod.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jfbflnnd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jibkkjkd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jihniaed.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jmbpbeod.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jollgigd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jomamjod.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jpffpnod.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\kdlmdhad.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\kealadjd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\kfeeglid.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\khgkgmod.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\khjknfod.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\kjcmnpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\knibkend.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\knjipbod.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\kojgjmjd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\laiihiod.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lbgblhhd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lcbjbfkd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lcjnagfd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lecfgmpd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lejlhkhd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lfbjfpid.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ljepfpjd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ljfoemad.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ljmnpkmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lkgffdkd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\llbcoegd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lldfccnd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lllhcgkd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lnnbebjd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lnpapfpd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lnpiifnd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lpldmnpd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lppacbpd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\mafflohd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\mgpiabld.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\mhelfijd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\miknlmgd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\mlmadmkd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\mlnjljpd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\mmconpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\mnahpdld.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\mnfngald.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\mofmjipd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ncheined.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ndffnoad.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ndielgod.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\neacmgmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\nehnhhld.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\nelhdjgd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ngidpcnd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\nkapfpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\nlgcbked.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\nmlkbbid.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\oanlbpgd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\obbdmmhd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ociiehgd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ojecnkgd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ojhmhekd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\olhfnafd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\olohbded.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\omnojcfd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\onhlejed.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\pbapjnid.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\pgbkdcgd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\phkgcmpd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\phmhjkld.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\piaikemd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\piaofdpd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\pilgjifd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\pmhgpbfd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\win1095.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win1281.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win1F14.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win1F1B.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win286.tmp.exe -> Downloader.IstBar.eq : Cleaned with backup
C:\WINDOWS\Temp\win2A1.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win2B.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win4B0.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win4BF.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win897.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup


::Report End

And here is the new HT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:21:36 AM, on 4/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swsoc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\JRun4\bin\jrunsvc.exe
C:\JRun4\bin\jrunsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\JRun4\bin\jrun.exe
C:\JRun4\bin\jrun.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\DOCUME~1\Daniel\LOCALS~1\Temp\bwgo000d1530.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Daniel\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.exe /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: offline-8876480 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia JRun Admin Server - Macromedia Inc. - C:\JRun4\bin\jrunsvc.exe
O23 - Service: Macromedia JRun CFusion Server - Macromedia Inc. - C:\JRun4\bin\jrunsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.exe


0

Response Number 8
Name: jabuck
Date: April 14, 2006 at 03:46:13 Pacific
Reply:

Run Killbox again and delete this item:

C:\DOCUME~1\Daniel\LOCALS~1\Temp\bwgo000d1530.exe

Run HJT in normal mode after running Killbox and remove these items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)

Post a new HT log.




0

Response Number 9
Name: thedreamer
Date: April 14, 2006 at 08:14:15 Pacific
Reply:

I ran Killbox and deleted the file. I did not find
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

but I did find
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)

and removed it.
Here is the new HT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:13:13 AM, on 4/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swsoc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\JRun4\bin\jrunsvc.exe
C:\JRun4\bin\jrunsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\JRun4\bin\jrun.exe
C:\JRun4\bin\jrun.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Daniel\LOCALS~1\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.exe /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: offline-8876480 - {CB84185F-D163-4F54-BDDB-15256C364BB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia JRun Admin Server - Macromedia Inc. - C:\JRun4\bin\jrunsvc.exe
O23 - Service: Macromedia JRun CFusion Server - Macromedia Inc. - C:\JRun4\bin\jrunsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.exe


0
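The before/after comparison done by eye in this thread can be scripted. The following is an added example, not part of any post above and not HijackThis's own code: it diffs the entry lines of two logs to confirm a removal and flags two triage pointers, entries marked "(file missing)" and running processes under a Temp directory. The function names and the two short samples (lines copied from the logs in this thread) are assumptions made for the illustration.

```python
import re

# HijackThis entry lines start with a section code such as R1, O4, O20, O23.
ENTRY = re.compile(r"^[A-Z]\d{1,2} - .+$")
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)

# Constructed samples: a handful of lines copied from the two logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\Daniel\LOCALS~1\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

def parse_entries(log):
    """Return the set of entry lines (R*, O*, F* sections) in a log."""
    lines = (line.strip() for line in log.splitlines())
    return {line for line in lines if ENTRY.match(line)}

def running_processes(log):
    """Return paths listed under 'Running processes:' up to the next blank line."""
    procs, in_block = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break
        elif in_block:
            procs.append(line)
    return procs

def diff_logs(before, after):
    """Return (removed, added) entry lines between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def review(log):
    """Flag items worth a closer look; these are pointers, not verdicts."""
    findings = []
    for entry in sorted(parse_entries(log)):
        if entry.endswith("(file missing)"):
            findings.append(("orphaned-entry", entry))
    for path in running_processes(log):
        if TEMP_DIR.search(path):
            findings.append(("runs-from-temp", path))
    return findings

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed)
    print("added:", added)
    for kind, item in review(AFTER):
        print(kind, "->", item)
```

On the second sample the only Temp-directory hit is HijackThis.exe itself, launched from inside the zip's temporary extraction folder, which shows why each flag still needs a human look.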
