Thread: Please help me with spyware and pop ups
View Single Post
Join Date: Sep 2004
Posts: 32
Reputation: willis86 is an unknown quantity at this point 
Solved Threads: 0
willis86 willis86 is offline Offline
Light Poster

Re: Please help me with spyware and pop ups

 
0
  #7
Oct 23rd, 2005
Here is the new l2mfix log...

Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1712 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1960 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\agferror.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cFtsrvps.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\g8040idqe80e0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mhl_mtf.dll
1 file(s) copied.
deleting: C:\WINDOWS\system32\agferror.dll
Successfully Deleted: C:\WINDOWS\system32\agferror.dll
deleting: C:\WINDOWS\system32\cFtsrvps.dll
Successfully Deleted: C:\WINDOWS\system32\cFtsrvps.dll
deleting: C:\WINDOWS\system32\g8040idqe80e0.dll
Successfully Deleted: C:\WINDOWS\system32\g8040idqe80e0.dll
deleting: C:\WINDOWS\system32\mhl_mtf.dll
Successfully Deleted: C:\WINDOWS\system32\mhl_mtf.dll


Zipping up files for submission:
adding: agferror.dll (188 bytes security) (deflated 5%)
adding: cFtsrvps.dll (188 bytes security) (deflated 5%)
adding: g8040idqe80e0.dll (188 bytes security) (deflated 4%)
adding: mhl_mtf.dll (188 bytes security) (deflated 4%)
adding: fsc.tmp/ (256 bytes security) (stored 0%)
adding: clear.reg (188 bytes security) (deflated 22%)
adding: FSC-DeskUpdate.txt (188 bytes security) (deflated 74%)
adding: lo2.txt (188 bytes security) (deflated 69%)
adding: test.txt (188 bytes security) (deflated 55%)
adding: test2.txt (188 bytes security) (stored 0%)
adding: test3.txt (188 bytes security) (stored 0%)
adding: test5.txt (188 bytes security) (stored 0%)
adding: xfind.txt (188 bytes security) (deflated 49%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

Restoring Windows Update Certificates.:

deleting local copy: agferror.dll
deleting local copy: cFtsrvps.dll
deleting local copy: g8040idqe80e0.dll
deleting local copy: mhl_mtf.dll

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\agferror.dll
C:\WINDOWS\system32\cFtsrvps.dll
C:\WINDOWS\system32\g8040idqe80e0.dll
C:\WINDOWS\system32\mhl_mtf.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9D422014-5E8C-41B4-8A0A-1F361BB02391}"=-
[-HKEY_CLASSES_ROOT\CLSID\{9D422014-5E8C-41B4-8A0A-1F361BB02391}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************





NEW HJT LOG...

Logfile of HijackThis v1.99.1
Scan saved at 12:30:48, on 23/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Willis\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball...GameLoader.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1127383312421
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


PANDA ACTIVE SCAN LOG....


Incident Status Location

Spyware:spyware/dyfuca Reported C:\Documents and Settings\Willis\Local Settings\Temp\cfout.txt
Adware:adware/powerscan Reported Windows Registry
Spyware:Cookie/Atlas DMT Reported C:\Documents and Settings\Willis\Cookies\willis@atdmt[2].txt
Spyware:Cookie/Bluestreak Reported C:\Documents and Settings\Willis\Cookies\willis@bluestreak[1].txt
Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\Willis\Cookies\willis@doubleclick[1].txt
Spyware:Cookie/Hitbox Reported C:\Documents and Settings\Willis\Cookies\willis@hitbox[2].txt
Spyware:Cookie/Serving-sys Reported C:\Documents and Settings\Willis\Cookies\willis@serving-sys[2].txt
Spyware:Cookie/myaffiliateprogramReported C:\Documents and Settings\Willis\Cookies\willis@www.myaffiliateprogram[2].txt
Adware:Adware/Look2Me Reported C:\backup.zip[agferror.dll]
Adware:Adware/Look2Me Reported C:\backup.zip[cFtsrvps.dll]
Adware:Adware/Look2Me Reported C:\backup.zip[g8040idqe80e0.dll]
Adware:Adware/Look2Me Reported C:\backup.zip[mhl_mtf.dll]
Spyware:Cookie/Atlas DMT Reported C:\Documents and Settings\Willis\Cookies\willis@atdmt[2].txt
Spyware:Cookie/Bluestreak Reported C:\Documents and Settings\Willis\Cookies\willis@bluestreak[1].txt
Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\Willis\Cookies\willis@doubleclick[1].txt
Spyware:Cookie/Hitbox Reported C:\Documents and Settings\Willis\Cookies\willis@hitbox[2].txt
Spyware:Cookie/Serving-sys Reported C:\Documents and Settings\Willis\Cookies\willis@serving-sys[2].txt
Spyware:Cookie/myaffiliateprogramReported C:\Documents and Settings\Willis\Cookies\willis@www.myaffiliateprogram[2].txt
Adware:Adware/ISearch Reported C:\Documents and Settings\Willis\Local Settings\Temp\cmdinst.exe
Spyware:Cookie/888 Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@888[1].txt
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@adopt.hbmediapro[2].txt
Spyware:Cookie/Advertising Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@advertising[2].txt
Spyware:Cookie/Apmebf Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@apmebf[2].txt
Spyware:Cookie/Atlas DMT Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@atdmt[2].txt
Spyware:Cookie/Azjmp Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@azjmp[2].txt
Spyware:Cookie/BurstNet Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@burstnet[2].txt
Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@doubleclick[1].txt
Spyware:Cookie/Hitbox Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@hitbox[2].txt
Spyware:Cookie/Overture Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@perf.overture[1].txt
Spyware:Cookie/Rn11 Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@rn11[2].txt
Spyware:Cookie/Advertising Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@servedby.advertising[1].txt
Spyware:Cookie/Serving-sys Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@serving-sys[2].txt
Spyware:Cookie/Valueclick Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@valueclick[1].txt
Spyware:Cookie/myaffiliateprogramReported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xiti Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@xiti[1].txt
Spyware:Cookie/Adserver Reported C:\Documents and Settings\Willis\Local Settings\Temp\Cookies\willis@z1.adserver[1].txt
Adware:Adware/IST.ISTBar Reported C:\Documents and Settings\Willis\Local Settings\Temp\jfghjhhfgudk.exe
Adware:Adware/Ucmore Reported C:\drsmartload.exe
Adware:Adware/ISearch Reported C:\mte3ndi6odoxng.exe
Adware:Adware/PowerScan Reported C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 10-18-2005 - 16-21-11.SBU[{0F0B8321-3E70-42F3-8358-6A81FD679DE5}]
Adware:Adware/Ucmore Reported C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 10-18-2005 - 16-21-11.SBU[{0F571081-2102-415A-B14B-33EE779838F7}]
Adware:Adware/Apropos Reported C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 10-18-2005 - 16-21-11.SBU[{AAA9576D-1655-4E27-96C8-8AC36B200763}]
Spywarepyware/Dyfuca Reported C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 10-18-2005 - 16-21-11.SBU[{B8F9FD68-FDE0-4105-A310-AAC3AE5BDDE9}]
Spyware:Cookie/YieldManager Reported C:\WINDOWS\Temp\Cookies\willis@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Reported C:\WINDOWS\Temp\Cookies\willis@adopt.hbmediapro[2].txt
Reply With Quote