| popups persist despite all efforts, load.html in temp folder... Please help.

Using the info in these forums and my own diligence I have gone from 2 trojans, various viruses and spyware/malware to only one problem left. I currently have spybot, adaware and spyware doctor showing up as clean, and yet, this small problem persists.

I have run Spybot RegSupreme - clean Ad Aware - clean Spyware Doctor - clean cwshredder - files not found killbox (2 times) - all files not found or killed No Book plvx2cleaner spyware blaster windows xp prefetch clean and control avg 6 virus scan reg supreme

Also did a full keyword scan of regedit for every keyword that I could find in the tech forums. Did a full keyword scan of windows explorer for every keyword that I could find as well.

In the temp folder
8A56EAB7.tmp
DFC5A2B2.tmp
Perflib_Perfdata_760.dat
Perflib_Perfdata_fec.dat

As soon as I open IE, I get load.html and GLB1A2B.exe in the temp folder and the popups start. Usually exitexchange popups, occasionally others.

Cannot delete the Perflib files and they do not show up when I'm safe booted. Can delete the others and do, but they immediately repopulate as soon as I open IE.

Have Hijack This in a permanent folder.
HJT log (with everything closed)

Logfile of HijackThis v1.99.1
Scan saved at 9:54:59 PM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Multimedia\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rakaam.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
D:\Utility\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\notepad.exe
D:\Utility\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://moomessageboard.infopop.cc/eve
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Utility\Adobe\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Utility\SPYBOT~3\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [\\NEVERLAND\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\NEVERLAND\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TotalRecorderScheduler] "D:\Multimedia\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [\NEVERLAND\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\NEVERLAND\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rakaam.exe reg_run
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\Utility\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Files by HiDownload - D:\UTILITY\HIDOWN~2\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\UTILITY\HIDOWN~2\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\UTILITY\HIDOWN~2\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lfrt.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) |
| ||
| Re: popups persist despite all efforts, load.html in temp folder... Just as an addition to my information above, I had Ceres, A better internet and pacimedia as well as 2 identified viruses downloader.small.44.bw dropper.agent.6.bu installaps.exe. I include these cause I've been told that they can appear to be gone only to reappear a week later. Thanks in advance for any help. |
| ||
| Re: popups persist despite all efforts, load.html in temp folder...

Hi SuziQ, welcome to DaniWeb :D

Looks like you've done quite a bit already :) Hopefully we can help you get the rest.

Scan with HJT and have it fix the following entry:

O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lfrt.dll

Close any open windows, other than hijackthis, before hitting Fix checked.

Go to C:\WINDOWS\system32 and delete lfrt.dll.

Do a search for winadm.exe and delete any instances found.

Go to C:\WINDOWS\system32 and locate rakaam.exe, right-click on the file and then click on Properties; give us whatever info you can on it in your next post (company, version, etc.)

Follow the instructions in this thread (run at least two of the free online scans): http://www.daniweb.com/techtalkforums/thread27570.html |
| ||
| Re: popups persist despite all efforts, load.html in temp folder...

Thanks for the welcome and your reply. :-)

Also, just to note, I have pared my prefetch down to the boot, regedit and there's a file there called layout.ini.

I am doing the search - didn't find winadm in explorer, but did find it in the registry in the same place I seem to have found a lot of problems...the Search Assistant/ACMru. Today, despite a search I did yesterday, I found not only winadm, but nail and the other two odd named keys associated with nail as well as a neighboring set of keys with the svcproc file. Is something repopulating this search assistant area that we are somehow missing or is this just from the reinfection? The temptation is to just remove the Search Assistant altogether, but I never do that in RegEdit unless I know darn well what it means to do so. For now, I've just deleted the keys. (learning user edit...am I correct in realizing that this is just a list of things I've searched for in windows explorer...cause I now think that's the case.)

As for Rakaam, neither my eyes nor my explorer search puppy can find it and I have enabled all "show hidden files" that I know about. I had earlier gone into my msconfig and clicked off fnonbkcm and rakaam and nada from the startup list. They are still disabled and fnonbkcm appears non-loaded, but nada & rakaam seems to have loaded anyway, and yet I cannot find rakaam. There is also one other item there, ieeser.exe, that I do not recognize.

I found nada.exeCommon Startup in the C:/Windows/pss location. The properties summary was blank. Also in this folder is boot.ini.backup, system.ini.backup and win.ini.backup. I did not delete it.

I found ieeser.exe in the Windows/System32 folder. The properties summary was blank. I did not delete it.

In doing a reg search, I found no instance of rakaam but I did find fnonbkcm. In the MSConfig file, I found a folder startupreg. In there is a folder for fnonbkcm and in that, it says that there is a
command c:\windows\system32\fnonbkcm.exe
hkey is HKLM
key is software\microsoft\windows\currentversion\run

ieeser.exe located in registry under hkey users/software/microsoft/windows\currentversion\run
key is YwwRkf5j
value data is ieeser.exe
again...can't find it any method I know of.

Thoughts? Right, so now onto the online scans whilst you see if any of the above is a good key to what's wrong.

thanks again... |
| ||
| Re: popups persist despite all efforts, load.html in temp folder...

Also to note...I did another hijackthis before the online scans with everything else closed...and redeleted the

O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lfrt.dll

When I was done, I reran the scan..it's back again. Here's that log...

Logfile of HijackThis v1.99.1
Scan saved at 6:56:32 AM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Multimedia\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rakaam.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
D:\Utility\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
D:\Utility\Trillian\trillian.exe
C:\WINDOWS\system32\ieeser.exe
C:\WINDOWS\system32\iescap.exe
C:\Program Files\Aprps\CxtPls.exe
D:\Utility\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://moomessageboard.infopop.cc/eve
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Utility\Adobe\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Utility\SPYBOT~3\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [\\NEVERLAND\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\NEVERLAND\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TotalRecorderScheduler] "D:\Multimedia\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [\NEVERLAND\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\NEVERLAND\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rakaam.exe reg_run
O4 - HKLM\..\Run: [p7Fj3qT] iescap.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\Utility\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [YwwtRkf5j] ieeser.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Files by HiDownload - D:\UTILITY\HIDOWN~2\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\UTILITY\HIDOWN~2\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\UTILITY\HIDOWN~2\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lfrt.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) |
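
The two HijackThis logs posted so far differ by only a handful of lines, which are hard to spot by eye. The following is an added example, not part of the original thread and not a HijackThis feature: it parses two logs, lists what appeared between scans, and reports which "fixed" entries came back. The function names are hypothetical, and the sample logs are constructed excerpts that reuse a few lines from the two logs above.

```python
import re

# One HijackThis entry per line: section code, " - ", then the detail text.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return (processes, entries) as dicts keyed case-insensitively.

    processes: lower-cased path -> path as logged
    entries:   (section code, lower-cased detail) -> full line as logged
    """
    processes, entries = {}, {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the entry list ends the process list
            entries[(match.group(1), match.group(2).lower())] = line
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes[line.lower()] = line
    return processes, entries


def diff_logs(before, after):
    """Compare two logs: what started running, what was added or removed."""
    procs_b, entries_b = parse_hjt(before)
    procs_a, entries_a = parse_hjt(after)
    return {
        "new_processes": sorted(procs_a[k] for k in procs_a.keys() - procs_b.keys()),
        "new_entries": sorted(entries_a[k] for k in entries_a.keys() - entries_b.keys()),
        "gone_entries": sorted(entries_b[k] for k in entries_b.keys() - entries_a.keys()),
    }


def returned_after_fix(fixed_lines, after):
    """Entries that were fixed between scans but are present again afterwards.

    A non-empty result means something still running is rewriting them.
    """
    _, fixed = parse_hjt("\n".join(fixed_lines))
    _, entries_a = parse_hjt(after)
    return sorted(entries_a[k] for k in fixed.keys() & entries_a.keys())


# Constructed excerpt of the first log in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:54:59 PM, on 7/7/2005

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rakaam.exe
C:\Program Files\Spyware Doctor\swdoctor.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rakaam.exe reg_run
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lfrt.dll
"""

# Constructed excerpt of the second log in this thread.
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 6:56:32 AM, on 7/8/2005

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rakaam.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ieeser.exe
C:\WINDOWS\system32\iescap.exe
C:\Program Files\Aprps\CxtPls.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rakaam.exe reg_run
O4 - HKLM\..\Run: [p7Fj3qT] iescap.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [YwwtRkf5j] ieeser.exe
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lfrt.dll
"""

# The entry that was fixed between the two scans.
FIXED = [r"O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lfrt.dll"]

if __name__ == "__main__":
    for label, lines in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(label)
        for line in lines:
            print("   ", line)
    print("returned after fix")
    for line in returned_after_fix(FIXED, LOG_AFTER):
        print("   ", line)
```
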
| ||
| Re: popups persist despite all efforts, load.html in temp folder...

Get the Pocket Killbox from here: http://bleepingcomputer.com/files/spyware/KillBox.zip
Unzip the file to your desktop, but don't open it yet.

Download Ewido Security Suite from here: http://fileforum.betanews.com/detail...e/1098736486/1
Install and update it, and then close the program (don't scan yet).

Download Nailfix from here: http://www.noidea.us/easyfile/file.p...50515010747824
Unzip it to your desktop, but do not run it yet.

Disconnect from the net and reboot into Safe Mode.

Double-click on the Nailfix.cmd that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Still in Safe Mode, scan with hijackthis and have it fix the following entries (if present):

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lfrt.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

Go to the following locations and delete the highlighted files (if found):

C:\WINDOWS\Nail.exe
C:\WINDOWS\system32\lfrt.dll
C:\windows\SvcProc.exe

If any of the files could be located, but not deleted, run the Pocket Killbox and paste the full file path in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot (reboot into normal mode). (Note: the 'file path' will be something like C:\WINDOWS\system32\lfrt.dll).

Allow your system to reboot normally, empty your Recycle Bin, close any open browser windows, scan with HJT, and post a new log along with the Ewido log and the results of any other scans you ran. |
| ||
| Re: popups persist despite all efforts, load.html in temp folder...

Hi, I have seldom felt this futile, to be honest. I did the Ewido scan..took forever but found tons wrong and supposedly fixed them. Did everything step by step you said, rebooted and ran hijack this and everything I had deleted is back.

Had to use killbox for C:\WINDOWS\system32\lfrt.dll - obviously that failed as it's back. Incidentally, ran Ewido on that one file...it did not recognize it as a threat.

One thing I did notice in safe mode...there were indexes in the temp folder I could not delete and there were these odd files in the temp internet folders inside the temp folders that I couldn't delete. I couldn't copy the names, so I typed one out by hand as an example. No file extension to be seen.

C:\Documents and Settings\SuziQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\01KLM5OP\lor_bg=FFFFFF&color_text=000000&color_link=0000FF&color_url=0080000&color_border=336699&ad_type=text_image&u_h=1024&u_w=1280&u_ah=996&u_aw=1280&u_cd=32&u_tz=-420&u_his=98&u_java=true

Now then, Ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:10:07 PM, 7/8/2005
+ Report-Checksum: 4B953B76
+ Scan result:
HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\AproposClient -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\p0w11WOVcJPU -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\p0wN1WOVcJPU -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate\State -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AproposClient -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1177238915-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nada.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
:mozilla.6:C:\Documents and Settings\SuziQ\Application Data\Mozilla\Profiles\default\5n3cr88q.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\SuziQ\Cookies\suziq@122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Aprps\CxtPls.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\WINDOWS\pss\nada.exeCommon Startup -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\system32\cKbinet.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\CldLineExt03.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ieeser.exe -> TrojanDownloader.Agent.ed : Cleaned with backup
C:\WINDOWS\system32\iescap.exe -> TrojanDownloader.Apropo.ac : Cleaned with backup
C:\WINDOWS\system32\ihetcfg.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\LDPCD11N.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\LJLMA11N.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mhexch35.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mvmefilt.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ngevent.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\puquu.dat -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\system32\rakaam.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\rkekkue.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\ukrkk.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\WINDOWS\Temp\AutoUpdate0\auto_update_uninstall.exe -> Spyware.AproposMedia : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IGH3DB3G\AutoUpdaterInstaller[1].exe -> TrojanDownloader.Apropo.g : Cleaned with backup
C:\WINDOWS\zhwpvels.exe -> Spyware.BookedSpace : Cleaned with backup
D:\C drive backup\Program Files\Messenger Plus! 2\Setup.dat/sponsor.exe -> TrojanDownloader.Swizzor.ag : Cleaned with backup |
| ||
| Re: popups persist despite all efforts, load.html in temp folder... :mozilla.11:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.19:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.29:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup :mozilla.30:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.31:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup :mozilla.55:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.63:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.69:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.78:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup :mozilla.79:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.80:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup :mozilla.97:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.118:D:\C drive backup\Application Data\Mozilla\Profiles\Melodia\uv1gzdnh.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.123:D:\C drive 
::Report End |
| ||
| Re: popups persist despite all efforts, load.html in temp folder...

after Ewido and before HJT cleans

Logfile of HijackThis v1.99.1
Scan saved at 11:12:13 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
D:\Utility\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://moomessageboard.infopop.cc/eve
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Utility\Adobe\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Utility\SPYBOT~3\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [\\NEVERLAND\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\NEVERLAND\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TotalRecorderScheduler] "D:\Multimedia\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [\NEVERLAND\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\NEVERLAND\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rakaam.exe reg_run
O4 - HKLM\..\Run: [p7Fj3qT] iescap.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\Utility\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [YwwtRkf5j] ieeser.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Files by HiDownload - D:\UTILITY\HIDOWN~2\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\UTILITY\HIDOWN~2\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\UTILITY\HIDOWN~2\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\lfrt.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o.
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - D:\Utility\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - D:\Utility\ewido\security suite\ewidoguard.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) after safe mode cleaning and normal reboot... Logfile of HijackThis v1.99.1 Scan saved at 12:37:18 AM, on 7/9/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Yahoo!\browser\ybrwicon.exe C:\Program Files\2Wire\2PortalMon.exe C:\WINDOWS\SOUNDMAN.EXE D:\Multimedia\HighCriteria\TotalRecorder\TotRecSched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Utility\ewido\security suite\ewidoctrl.exe C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe D:\Utility\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\Program Files\Spyware Doctor\swdoctor.exe D:\Utility\ewido\security suite\ewidoguard.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe 
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe D:\Utility\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://moomessageboard.infopop.cc/eve O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Utility\Adobe\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Utility\SPYBOT~3\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - HKLM\..\Run: [\\NEVERLAND\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\NEVERLAND\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TotalRecorderScheduler] 
"D:\Multimedia\HighCriteria\TotalRecorder\TotRecSched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [\NEVERLAND\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\NEVERLAND\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [p7Fj3qT] iescap.exe O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe" O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\Utility\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Download All Files by HiDownload - D:\UTILITY\HIDOWN~2\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - D:\UTILITY\HIDOWN~2\HDGet.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! 
Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\UTILITY\HIDOWN~2\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\lfrt.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - D:\Utility\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - D:\Utility\ewido\security suite\ewidoguard.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) I am at a loss, I sure hope this seems more like progress to you than it does to me. Am going to start one of hte online scans and go to sleep. Thanks for all your efforts. Suzi |
| Re: popups persist despite all efforts, load.html in temp folder... Ewido does take a while to scan (3 hrs on my system; luckily it hasn't found anything on mine yet). It looks like a lot of what it found on your system was infected backups. That text in your temp folder is some programming language, but since I'm not a programmer, I don't know what it is, why it's in your temp folder, or why you can't delete it, but you can try using the Killbox on it. The indexes are okay, they're supposed to be there. Download, install, update, and run about:Buster -- http://www.majorgeeks.com/download4289.html Download, install, and update CWShredder 2.15 -- http://www.intermute.com/products/cwshredder.html. Run it, and press Fix (not scan). Close any open windows, other than CWS, before hitting the Fix button. Then see if C:\WINDOWS\system32\lfrt.dll still exists. If it does, right-click on it, go to Properties, and give us whatever info you can on it. Then have it scanned here: http://virusscan.jotti.org/ A SilentRunners log may help also -- Download and run Silent Runners.vbs -- http://www.silentrunners.org/. Post the information from the log it generates in your next reply along with a fresh HJT log and the results of the file scan. |
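One way to compare the two HijackThis logs posted earlier in the thread, as an added example that is not part of any post and not a HijackThis feature: the Python below parses result entries (also from logs flattened onto one line) and reports which disappeared, which appeared, and which kept the same target under a new label. The function names and the reduced `BEFORE`/`AFTER` excerpts are this example's own assumptions.

```python
import re

CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"    # HijackThis section codes
SPLIT = re.compile(rf"\s+(?={CODE} - )")        # entry boundary; also works on flattened logs

def parse_entries(log_text):
    """Return the set of result entries; the header and process list are skipped."""
    chunks = (" ".join(c.split()) for c in SPLIT.split(log_text))
    return {c for c in chunks if re.match(rf"{CODE} - ", c)}

def target(entry):
    """What an entry points at: text after the last ' - ', or after '] ' for Run values."""
    body = entry.split(" - ", 1)[1]
    if " - " in body:
        return body.rsplit(" - ", 1)[1].lower()
    return body.split("] ", 1)[-1].lower()

def diff_logs(before_text, after_text):
    """Return (gone, new, relabelled); relabelled = same section and target, different text."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed, added = before - after, after - before
    relabelled = sorted((b, a) for b in removed for a in added
                        if b.split(" - ")[0] == a.split(" - ")[0] and target(b) == target(a))
    gone = sorted(removed - {b for b, _ in relabelled})
    new = sorted(added - {a for _, a in relabelled})
    return gone, new, relabelled

# Reduced excerpts of the two logs in the thread (most entries omitted for brevity).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rakaam.exe reg_run
O4 - HKLM\..\Run: [p7Fj3qT] iescap.exe
O4 - HKCU\..\Run: [YwwtRkf5j] ieeser.exe
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\lfrt.dll
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [p7Fj3qT] iescap.exe
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\lfrt.dll
"""

if __name__ == "__main__":
    for label, items in zip(("gone", "new", "relabelled"), diff_logs(BEFORE, AFTER)):
        print(label, items)
```

On these excerpts it reports the KavSvc and YwwtRkf5j Run values as gone and the O20 Winlogon Notify entry for lfrt.dll as relabelled from ThemeManager to Telephony.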