Aurora popups and Drpmon.dll trouble

Thread Solved

#1, WatermelonX, Jul 5th, 2005
I have some problems with Aurora and Drpmon.dll, and I can't seem to remove it with Ad-Aware. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:26:37 PM, on 7/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AIM\aim.exe
c:\windows\system32\ckosdl.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\system32\en5orbf.dll (file missing)
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [J5dNw] C:\WINDOWS\lujpwaa.exe
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rwkofy] c:\windows\system32\ckosdl.exe
O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\Run: [UWICKCD] F:\AUTORUN\UWICK.EXE F:\AUTORUN
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://download.35mb.com/images/dlapplet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20CFFE22-5FF2-4C86-A1C3-6BD71C686420}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

I really appreciate any help I get. Thanks in advance =)

#2, WatermelonX, Jul 6th, 2005
The Aurora popups are popping up every time I touch the computer! I know that a lot of people have this problem and I've looked for the solution, but my HJT log is somewhat different from theirs. I truly beg for help!

#3, DMR (Team Colleague), Jul 6th, 2005
Everyone's HJT logs will be different, because the contents and configurations of everyone's computers are different.

There is a standard Aurora fix though, which we can expand on to fit your particular system:

You will need to disconnect from the Internet for most of the cleaning procedures, so you should print out the following instructions or save them into a text file using Notepad.


1. Open the Services utility in your Administrative Tools control panel.

- In the list of services, locate the service named "System Startup Service" or "SvcProc" and double-click on it.

- In the General tab of the Properties window that opens, click the Stop button.

- Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK. Close the Services utility after that.



2. Download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


3. Download Nailfix from here:
http://www.noidea.us/easyfile/file.p...50515010747824
Unzip it to the desktop but please do NOT run it yet.


4. Next, reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


5. Once in Safe Mode:

- Double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

- Then run Ewido, and run a full scan. Save the logfile from the scan.

- Next run HijackThis, click Scan, and put a check in the box to the left of the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\system32\en5orbf.dll (file missing)
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [J5dNw] C:\WINDOWS\lujpwaa.exe
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [rwkofy] c:\windows\system32\ckosdl.exe
O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://download.35mb.com/images/dlapplet.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


- Close all open windows except for HijackThis and click Fix Checked.

- Once HJT finishes the fix, click on the "Config" button in the lower right corner of HijackThis' main window.

- In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:

svcproc


6. While still in Safe Mode:

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Locate and delete the following files (ewido may have deleted some of these already):

C:\WINDOWS\system32\en5orbf.dll
C:\WINDOWS\lujpwaa.exe
p2pnetwork.exe
c:\windows\system32\ckosdl.exe
c:\counter.cab
C:\WINDOWS\svcproc.exe

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):

Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!

1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files

- Delete the entire content of your C:\Windows\Temp folder.

- Delete the entire content of your C:\Windows\Prefetch folder.

Note: If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.


7. Reboot normally and run HijackThis again. Post the new HJT log, as well as the scan log that ewido gave you.
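The selection DMR makes in step 5 (orphaned components, bare filenames resolved through PATH, executables dropped straight into the Windows folder, an "Unknown owner" service in C:\WINDOWS, an ActiveX control installed from a local .cab) is the kind of triage that can be written down as a small parser over the HijackThis log format. The block below is an added example for this thread; it is not part of the original posts and not HijackThis code. SAMPLE_LOG is a constructed subset copied from the two logs posted above, and the heuristics and the small allowlist are assumptions of the example, not rules from the tool: a hit is a lead for a human to check before clicking "Fix checked", not a verdict.

```python
"""Heuristic triage of HijackThis v1.99 log lines.

Added example for this thread; it is not part of the original posts and not
HijackThis code. SAMPLE_LOG is a constructed subset copied from the two logs
posted above. The heuristics mirror what a log reader checks by hand
(orphaned components, bare filenames, binaries dropped into %WINDIR%,
unknown-owner services, local-file ActiveX, Shell= hijacks) and are this
example's assumptions, not rules from the tool: a hit is a lead, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Every HJT entry starts with a section tag (R0-R3, F0-F3, O1-O23) and " - ".
ENTRY_RE = re.compile(r"^(?P<tag>[RFO]\d{1,2}) - (?P<body>.+)$")
# O4 body: HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[[^\]]*\] (?P<cmd>.+)$")
# O23 body: Service: Display name (ShortName) - Owner - image path
O23_RE = re.compile(r"^Service: .+? - (?P<owner>.+?) - (?P<path>.+)$")
# O16 body: DPF: {CLSID} (Optional Name) - download URL
O16_RE = re.compile(r"^DPF: \{[^}]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
# F2 body: REG:system.ini: Shell=Explorer.exe [extra program]
SHELL_RE = re.compile(r"Shell=(?P<shell>.+)$", re.IGNORECASE)
# An .exe sitting directly in C:\WINDOWS or C:\WINDOWS\system32.
WINDIR_EXE_RE = re.compile(r"^[a-z]:\\windows\\(?:system32\\)?[^\\]+\.exe$", re.IGNORECASE)
# Assumed allowlist of Windows XP autostarts that legitimately live there.
KNOWN_WINDIR_AUTOSTARTS = {"ctfmon.exe"}


@dataclass(frozen=True)
class Finding:
    tag: str
    reason: str
    line: str


def first_exe(cmd: str) -> str:
    """Executable part of an O4 command line, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted: HJT prints the value as stored, so take the first token.
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> list[Finding]:
    """Apply the heuristics to one log line; return zero or more findings."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []  # running-process lines and headers carry no tag
    tag, body = m.group("tag"), m.group("body")
    hits: list[Finding] = []
    if "(no file)" in body or "(file missing)" in body:
        hits.append(Finding(tag, "orphaned entry: registered component is not on disk", line))
    if tag == "O4" and (o4 := O4_RE.match(body)):
        exe = first_exe(o4.group("cmd"))
        base = exe.rsplit("\\", 1)[-1].lower()
        if "\\" not in exe:
            hits.append(Finding(tag, f"bare filename {exe}: located via PATH search order", line))
        elif WINDIR_EXE_RE.match(exe) and base not in KNOWN_WINDIR_AUTOSTARTS:
            hits.append(Finding(tag, f"{base} dropped into %WINDIR%, not a product folder", line))
        if o4.group("key").lower().startswith("runservices"):
            hits.append(Finding(tag, "RunServices: Win9x-era key, rarely used legitimately on XP", line))
    elif tag == "O16" and (o16 := O16_RE.match(body)):
        if o16.group("url").lower().startswith("file://"):
            hits.append(Finding(tag, "ActiveX installed from a local .cab, not a vendor site", line))
    elif tag == "O23" and (o23 := O23_RE.match(body)):
        if o23.group("owner") == "Unknown owner" and WINDIR_EXE_RE.match(o23.group("path").strip()):
            hits.append(Finding(tag, "service with no publisher whose binary sits in %WINDIR%", line))
    elif tag == "O17":
        hits.append(Finding(tag, "DNS override: confirm the NameServer belongs to your ISP", line))
    elif tag == "F2" and (sh := SHELL_RE.search(body)):
        if len(sh.group("shell").split()) > 1:
            hits.append(Finding(tag, "Winlogon Shell starts an extra program beside Explorer.exe", line))
    return hits


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole HJT log."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


# Constructed subset of the logs posted in this thread (post #1 and post #4).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\system32\en5orbf.dll (file missing)
O4 - HKLM\..\Run: [J5dNw] C:\WINDOWS\lujpwaa.exe
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rwkofy] c:\windows\system32\ckosdl.exe
O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20CFFE22-5FF2-4C86-A1C3-6BD71C686420}: NameServer = 205.188.146.145
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.tag:<4} {f.reason}\n     {f.line.strip()}")
```

Run against the sample, every line DMR checked in step 5 produces at least one finding, the QuickTime, ctfmon and Lexmark entries produce none, and the F2 Shell= line from the second log is caught even though the first fix did not touch it. The O17 finding is deliberately advisory only: a NameServer override is normal for dial-up and ISP software, so the script asks for confirmation rather than calling it malicious.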

#4, WatermelonX, Jul 7th, 2005
Thanks for the help! The popups seem to be gone now! Thank you so much
New HJT log and ewido:

Logfile of HijackThis v1.99.1
Scan saved at 9:32:50 PM, on 7/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\gearsec.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\PROGRA~1\AIM\aim.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [qmvpymw] c:\windows\system32\yjasshe.exe
O4 - HKCU\..\Run: [UWICKCD] F:\AUTORUN\UWICK.EXE F:\AUTORUN
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:04:36 PM, 7/6/2005
+ Report-Checksum: 37FD2E3

+ Scan result:

HKLM\SOFTWARE\Classes\ANSMTP.MassSender -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.MassSender\CLSID -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.MassSender\CurVer -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ\CLSID -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ\CurVer -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{771A1334-6B08-4a6b-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CurVer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-3093650616-4081877627-3238620564-1003\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3093650616-4081877627-3238620564-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-3093650616-4081877627-3238620564-1003\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\OptClean.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Cookies\chih-pin@www.xxxtoolbar[1].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temp\bb.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temp\iinstall.exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temp\sidefind.exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temp\ypf.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temp\zqzl7.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temporary Internet Files\Content.IE5\03WZAHS7\sidefind13[1].dll -> Spyware.SideFind : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temporary Internet Files\Content.IE5\0PIH6V2J\optimize[1].exe -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temporary Internet Files\Content.IE5\2T8RWB6N\bb[1].exe -> Spyware.BargainBuddy.l : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temporary Internet Files\Content.IE5\2T8RWB6N\bb[2].exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temporary Internet Files\Content.IE5\2T8RWB6N\istsvc[1].exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temporary Internet Files\Content.IE5\ENUJCVOD\nem220[1].dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temporary Internet Files\Content.IE5\ENUJCVOD\sidefind[1].exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temporary Internet Files\Content.IE5\ENUJCVOD\xxxzzz[1].exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temporary Internet Files\Content.IE5\ENUJCVOD\xxxzzz[1].exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temporary Internet Files\Content.IE5\ENUJCVOD\xxxzzz[1].exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Chih-Pin\Local Settings\Temporary Internet Files\Content.IE5\ENUJCVOD\xxxzzz[1].exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Chih-Pin\xxxzzz.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Chih-Pin\xxxzzz.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Chih-Pin\xxxzzz.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Chih-Pin\xxxzzz.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Christine\Application Data\Mozilla\Firefox\Profiles\4s97xyzv.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Christine\Application Data\Mozilla\Firefox\Profiles\4s97xyzv.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Christine\Application Data\Mozilla\Firefox\Profiles\4s97xyzv.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Christine\Application Data\Mozilla\Firefox\Profiles\4s97xyzv.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Christine\Application Data\Mozilla\Firefox\Profiles\4s97xyzv.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Christine\Application Data\Mozilla\Firefox\Profiles\4s97xyzv.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Christine\Cookies\christine@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Christine\Cookies\christine@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Christine\Cookies\christine@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Christine\Cookies\christine@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Christine\Cookies\christine@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Christine\Cookies\christine@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Christine\Cookies\christine@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Christine\Cookies\christine@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Christine\Cookies\christine@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Christine\Cookies\christine@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temp\50.tmp\thnall1ac.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temp\71blz.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temp\bb.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temp\crp.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temp\fWWY1vQ.exe -> TrojanDownloader.IstBar.jj : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temp\jfgudk.exe -> TrojanDownloader.IstBar.ju : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temp\liqp7c25q_.dll -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temp\setup4021.cab/liqp7c25q_.dll -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temp\sidefind.exe -> TrojanDownloader.IstBar.jd : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temp\uninstall.exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temp\ypf.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temp\zqzl7.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\0YQ6VZ0Y\bb[1].exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\0YQ6VZ0Y\istsvc[1].exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\0YQ6VZ0Y\power_remove[1].exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\0YQ6VZ0Y\vice[1].exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\0YQ6VZ0Y\vice[1].exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\3ABF1ERG\optimize[1].exe -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\3ABF1ERG\powerscan[1].exe -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\B6P5UYB9\xxxzzz[1].exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\B6P5UYB9\xxxzzz[1].exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\B6P5UYB9\xxxzzz[1].exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\B6P5UYB9\xxxzzz[1].exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\B6P5UYB9\xxxzzz[2].exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\B6P5UYB9\xxxzzz[2].exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\B6P5UYB9\xxxzzz[2].exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\B6P5UYB9\xxxzzz[2].exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\D8FMWOYT\istdownload[2].exe -> TrojanDownloader.IstBar.ju : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\D8FMWOYT\sidefind13[1].dll -> Spyware.SideFind : Cleaned with backup
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\D8FMWOYT\sidefind[1].exe -> TrojanDownloader.IstBar.jd : Cleaned with backup
C:\Documents and Settings\Christine\rebates.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Christine\rebates.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Christine\xxxzzz.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Christine\xxxzzz.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Christine\xxxzzz.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Christine\xxxzzz.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Cookies\mei-ling@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temp\jfgudk.exe -> TrojanDownloader.IstBar.ju : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temp\ypf.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temp\zqzl7.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\3F1BRX0W\ncase_new[1].exe -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\3F1BRX0W\tb3[1].cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\3F1BRX0W\WinTS[1].cab/WToolsS.exe -> TrojanDownloader.Wintool.f : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\E9RCDO3Y\power_remove[1].exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\E9RCDO3Y\Toolbar3[1].cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\E9RCDO3Y\Toolbar3[1].cab/TBPS.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\E9RCDO3Y\Toolbar3[1].cab/common.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\E9RCDO3Y\Toolbar3[1].cab/radio.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\E9RCDO3Y\Toolbar3[1].cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\GRV3YW9D\istdownload[1].exe -> TrojanDownloader.IstBar.ju : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\GRV3YW9D\istsvc[1].exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\GRV3YW9D\powerscan[1].exe -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\GRV3YW9D\TBPSSvc[1].cab/TBPSSvc.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\GRV3YW9D\xxxzzz[1].exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\GRV3YW9D\xxxzzz[1].exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\GRV3YW9D\xxxzzz[1].exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Mei-Ling\Local Settings\Temporary Internet Files\Content.IE5\GRV3YW9D\xxxzzz[1].exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Mei-Ling\xxxzzz.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Mei-Ling\xxxzzz.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Mei-Ling\xxxzzz.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Mei-Ling\xxxzzz.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adorigin[1].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.euniverseads[2].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@clickagents[2].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-comcast.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\iexplorer.exe -> Worm.Dod.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\AolCoach.cab/.\Data\player\aolnysev.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\atiupdate.exe -> TrojanDownloader.Delf.ep : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\bb.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\D2696\abiuninst.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\dealhelper.exe -> TrojanDownloader.Agent.hw : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\fWWY1vQ.exe -> TrojanDownloader.IstBar.ju : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\GKC\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\hvr.sys -> Trojan.Kolweb.b : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\iinstall.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\jfgudk.exe -> TrojanDownloader.IstBar.ju : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\sidefind.exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\uninstall.exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\whenu.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Owner\xxxzzz.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Owner\xxxzzz.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Owner\xxxzzz.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Owner\xxxzzz.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\C2Media\Setup.exe -> Spyware.Lop : Cleaned with backup
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe/data\player\aolnysev.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Common Files\aolshare\Coach\en_en\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Common Files\rfmk\rfmka.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\rfmk\rfmkl.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\rfmk\rfmkm.exe -> TrojanDownloader.TSUpdate.k : Cleaned with backup
C:\Program Files\Common Files\rfmk\rfmkp.exe -> Spyware.Xupiter : Cleaned with backup
C:\Program Files\Online Services\AOL90US\comps\coach\aolcinst.exe/.\Data\player\aolnysev.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\YSBactivex.dll -> TrojanDownloader.IstBar.fy : Cleaned with backup
C:\WINDOWS\hvr.sys -> Trojan.Kolweb.b : Cleaned with backup
C:\WINDOWS\lzzarcy.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar : Cleaned with backup
C:\WINDOWS\system32\1r77a97b.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\8b8kpqpd.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ENUJCVOD\bobby[1].exe -> TrojanDownloader.Small.sg : Cleaned with backup
C:\WINDOWS\system32\File.zip/Corrupt.scr -> Worm.Dod.a : Cleaned with backup
C:\WINDOWS\system32\fo0ky.exe -> Trojan.Kolweb.b : Cleaned with backup
C:\WINDOWS\system32\Fzuqpa.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\hvr.sys -> Trojan.Kolweb.b : Cleaned with backup
C:\WINDOWS\system32\iviresizepx.exe -> TrojanDownloader.Small.us : Cleaned with backup
C:\WINDOWS\system32\llaqb6sk.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\mirindaspf.exe -> Trojan.Kolweb.b : Cleaned with backup
C:\WINDOWS\system32\msxct.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\rebates.exe/WEBREB~1.EXE -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\system32\uqvnc2ga.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\webrebates.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\system32\webrebates.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\WINDOWS\system32\yjasshe.exe -> Trojan.Agent.cp : Cleaned with backup
C:\WINDOWS\tattldozhm.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c : Cleaned with backup


::Report End
DMR (Team Colleague, Wombat At Large)
Join Date: Dec 2003
Posts: 6,439
Solved Threads: 364

Re: Aurora popups and Drpmon.dll trouble

#5
Jul 7th, 2005
*grrr*

Something has retriggered pieces of Aurora and the "Win Server Updt" infection. Let's carefully and completely repeat the basic Aurora cleaning procedure, with the following adjustments:

* Reboot into Safe Mode again.

* Once in Safe Mode, double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly (this is normal).


* Then run Ewido, and run a full scan. Save the logfile from the scan.


* Next run HijackThis, click Scan, and put a check in the box to the left of:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [qmvpymw] c:\windows\system32\yjasshe.exe

Close all open windows except for HijackThis and click Fix Checked.

- Close HijackThis.


* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Locate and delete the following files:
C:\WINDOWS\Nail.exe
C:\WINDOWS\wupdt.exe
c:\windows\system32\yjasshe.exe

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):

Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!

1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files

- Delete the entire content of your C:\Windows\Temp folder.

- Delete the entire content of your C:\Windows\Prefetch folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.


* Restart your computer in normal mode and post a new HijackThis log, as well as the log from the Ewido scan.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing


Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
WatermelonX (Light Poster)
Join Date: Jul 2005
Posts: 43
Solved Threads: 0

Re: Aurora popups and Drpmon.dll trouble

#6
Jul 8th, 2005
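Correlating the HijackThis entries with the ewido report, as an added example that is not part of the thread and not code from HijackThis or ewido: it flags the three kinds of lines ticked in the post above (a system.ini Shell= line launching more than Explorer.exe, O4 autorun entries that still point at files ewido already cleaned, and R0/R1 start/search entries whose host is not on an allowlist). The ALLOWED_HOSTS set and the sample log lines are constructed assumptions shaped like the logs in this thread.

```python
"""Correlate a HijackThis log with an ewido scan report.

Added example for this thread; it is not code from the thread, from
HijackThis or from ewido. It flags the three patterns ticked in the post
above: a system.ini Shell= line that launches anything beyond
Explorer.exe, O4 autorun entries that still point at files ewido already
cleaned (the "retriggered" case), and R0/R1 start/search-page entries
whose host is not on an allowlist. ALLOWED_HOSTS and the sample lines
are constructed assumptions, not data taken verbatim from the thread.
"""
import re
from typing import List, Set, Tuple
from urllib.parse import urlparse

# Constructed sample lines in the shapes seen in the thread (the elided
# "..." in the hp.com URL is reproduced as posted, not filled in).
HJT_SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [qmvpymw] c:\windows\system32\yjasshe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

EWIDO_SAMPLE = r"""
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\WINDOWS\system32\yjasshe.exe -> Trojan.Agent.cp : Cleaned with backup
"""

# Assumed allowlist of acceptable IE start/search hosts for this example.
ALLOWED_HOSTS = {"ie.redirect.hp.com", "www.google.com"}

HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
EWIDO_LINE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$")
SHELL_RE = re.compile(r"REG:system\.ini: Shell=(?P<cmd>.*)$", re.IGNORECASE)
RUN_RE = re.compile(r"\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
URL_RE = re.compile(r"= (?P<url>https?://\S+)")

Finding = Tuple[str, str]  # (rule name, offending HijackThis line)


def cleaned_paths(ewido_report: str) -> Set[str]:
    """Lower-cased file paths that ewido reported as cleaned."""
    paths: Set[str] = set()
    for line in ewido_report.splitlines():
        m = EWIDO_LINE.match(line.strip())
        if m:
            paths.add(m.group("path").lower())
    return paths


def first_executable(cmd: str) -> str:
    """Return the program path at the start of a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def analyse(hjt_log: str, ewido_report: str) -> List[Finding]:
    """Return the HijackThis lines a helper would tick for Fix Checked."""
    cleaned = cleaned_paths(ewido_report)
    findings: List[Finding] = []
    for raw in hjt_log.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "F2":
            shell = SHELL_RE.search(body)
            # Shell= should be exactly Explorer.exe; any extra token is a hijack.
            if shell and [t for t in shell.group("cmd").split()
                          if t.lower() != "explorer.exe"]:
                findings.append(("shell-hijack", line))
        elif sec == "O4":
            run = RUN_RE.search(body)
            # An autorun that still points at a file ewido cleaned means the
            # infection was re-dropped after the scan.
            if run and first_executable(run.group("cmd")).lower() in cleaned:
                findings.append(("autorun-cleaned-file", line))
        elif sec in ("R0", "R1"):
            url = URL_RE.search(body)
            host = urlparse(url.group("url")).hostname if url else None
            if host and host.lower() not in ALLOWED_HOSTS:
                findings.append(("search-hijack", line))
    return findings


if __name__ == "__main__":
    for rule, line in analyse(HJT_SAMPLE, EWIDO_SAMPLE):
        print(f"{rule:22} {line}")
```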
Logfile of HijackThis v1.99.1
Scan saved at 1:36:35 PM, on 7/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [UWICKCD] F:\AUTORUN\UWICK.EXE F:\AUTORUN
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:05:08 PM, 7/8/2005
+ Report-Checksum: C70822E2

+ Scan result:

:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k8ecodrr.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> Heuristic.Win32.Dialer : Cleaned with backup


::Report End


And, whenever I startup my computer, I get this error message:
http://img.photobucket.com/albums/v2.../nailerror.jpg

I looked up in msconfig and disabled all the stuff, but this message still shows up...
DMR (Team Colleague)

Re: Aurora popups and Drpmon.dll trouble

#7
Jul 8th, 2005
OK- your log is clean now.

In terms of the error message, did you see and/or disable a reference to Nail.exe in the System.ini tab of msconfig? What else (if anything) did you disable with msconfig?
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing


Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
WatermelonX

Re: Aurora popups and Drpmon.dll trouble

#8
Jul 8th, 2005
I didn't see any reference to Nail.exe at all, unless the name for that is totally different.
Here is what currently is enabled with msconfig in the startup section:
qttask
realsched
AOLDial
AUTORUN
aim
ctfmon

The only item that I don't recognize is ctfmon. It keeps on getting enabled after I disable it... maybe that's what's causing the error message?


I really appreciate your help, DMR. Thanks again
DMR (Team Colleague)

Re: Aurora popups and Drpmon.dll trouble

#9
Jul 8th, 2005
Originally Posted by WatermelonX
Here is what currently is enabled with msconfig in the startup section:
If you find no reference to Nail.exe in any of the msconfig tabs, then the entry is in the following Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini

Click on the "Run..." option in your Start menu, type the following in the resulting "Open:" dialog box, and then hit Enter:

regedit

In the left-hand pane of the Registry Editor, navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini folder and click on it to display its contents in the right-hand pane.

In the right-hand pane, look for a "Shell" value (or any other value, for that matter) which refers to "Nail.exe". If you find such an entry, just write down exactly what's listed there, but DO NOT edit/change anything yet!

If you don't see a Nail.exe reference in the main "system.ini" key, also look in the "Boot" subkey.


Originally Posted by WatermelonX
The only item that I don't recognize is ctfmon. It keeps on getting enabled after I disable it... maybe that's what's causing the error message?
Here's the scoop on ctfmon.exe:

http://support.microsoft.com/?kbid=282599
WatermelonX

Re: Aurora popups and Drpmon.dll trouble

#10
Jul 8th, 2005
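As an added example (not DMR's or WatermelonX's own steps), the same look-but-don't-touch check can be done from an elevated PowerShell prompt instead of clicking through regedit: it lists every value under the key DMR names, under its boot subkey, and under the Winlogon key that those IniFileMapping entries redirect to, whose data mentions Nail.exe, and changes nothing. The key paths and the SYS:/USR: redirect convention are standard Windows; nothing else is assumed.

```powershell
# Added example, not from the thread: read-only check of the Registry key DMR names.
# Reports any value there, in its "boot" subkey, or in the key those mapping entries
# redirect to (normally Winlogon), whose data mentions Nail.exe. Nothing is modified.
$base   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini'
$needle = 'nail\.exe'          # regex; -match is case-insensitive by default
$hits   = New-Object System.Collections.Generic.List[string]
$seen   = @{}                  # redirect targets already examined (avoid duplicate reports)

function Test-KeyValues {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        $data  = [string]$key.GetValue($name)
        $label = if ($name -eq '') { '(Default)' } else { $name }
        if ($data -match $needle) { $hits.Add("$Path\$label = $data") }
        # IniFileMapping entries are usually redirects such as
        # "SYS:Microsoft\Windows NT\CurrentVersion\Winlogon" (SYS: = HKLM\SOFTWARE,
        # USR: = HKCU\SOFTWARE), so the real Shell= data lives in the target key.
        if ($data -match '^[#@!]*(SYS|USR):(.*)$') {
            $hive   = if ($Matches[1] -eq 'SYS') { 'HKLM:\SOFTWARE' } else { 'HKCU:\SOFTWARE' }
            $target = if ($Matches[2]) { "$hive\$($Matches[2])" } else { $hive }
            if (-not $seen.ContainsKey($target)) {
                $seen[$target] = $true
                $t = Get-Item -LiteralPath $target -ErrorAction SilentlyContinue
                if ($t) {
                    foreach ($tn in $t.GetValueNames()) {
                        $td = [string]$t.GetValue($tn)
                        if ($td -match $needle) { $hits.Add("$target\$tn = $td") }
                    }
                }
            }
        }
    }
}

Test-KeyValues $base
Test-KeyValues "$base\boot"

if ($hits.Count -eq 0) {
    "No Nail.exe reference found under $base, its boot subkey, or their redirect targets."
} else {
    'Nail.exe references (write these down; nothing has been changed):'
    $hits | Sort-Object -Unique
}
```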
Cool, thanks! The error message seems to be gone now. =)
Closed Thread

This thread has been marked solved.
©2003 - 2009 DaniWeb® LLC