Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

Viruses/Spyware on my PC :-(

Reply
1 2

Join Date: Jul 2005
Posts: 7
Reputation: hbadger30 is an unknown quantity at this point 
Solved Threads: 0
hbadger30 hbadger30 is offline Offline
Newbie Poster

Viruses/Spyware on my PC :-(

 
0
  #1
Jul 26th, 2005
Hi guys,

I've done some searching back through previous threads in order to help me remove the Transponder.pynix spyware (part of VX2 I believe) but to no avail - here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 16:01:04, on 26/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\audio\MOTU\FireWire Audio\MFWAKeys.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Graham Archer\Desktop\Virus Protection\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.york.ac.uk/proxy.config
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.sns.york.ac.uk:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: MFWAKeys.lnk = C:\audio\MOTU\FireWire Audio\MFWAKeys.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: BT - {94879043-16A1-425D-90CC-EB5D3F8F73C6} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {97367153-69C3-4610-835E-ACF3A3CEB6EC} - http://bt.yahoo.com (file missing) (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093180511655
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE



And also my panda log:


Incident Status Location

Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\alchem.cab
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\alchem.cab[alchem.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\alchem.cab[alchem.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\alchem.cab[alchem.ini]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\alchem.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\alchem.ini
Virus:Trj/Downloader.GK Disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\polmx.cab
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\satmat.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\satmat.ini
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI104A.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI13AE.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI1448.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI1A74.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI248E.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI2539.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI256A.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI2791.tmp\Pynix.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI332A.tmp\zserv.cab
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI332A.tmp\zserv.cab[zserv.inf]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI332A.tmp\zserv.cab[ZServ.dll]
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI332A.tmp\zserv.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI34B4.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI3F86.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI4176.tmp\zserv.cab
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI4176.tmp\zserv.cab[zserv.inf]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI4176.tmp\zserv.cab[ZServ.dll]
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI4176.tmp\zserv.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI421D.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI4582.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI493B.tmp\zserv.cab
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI493B.tmp\zserv.cab[zserv.inf]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI493B.tmp\zserv.cab[ZServ.dll]
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI493B.tmp\zserv.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI49B1.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI4EDF.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI5243.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI550E.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI5686.tmp\btgrab.cab[BTGrab.dll]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI5686.tmp\btgrab.cab[polall1b.exe]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI59DF.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI5B88.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI5E3.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI614.tmp\zserv.cab
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI614.tmp\zserv.cab[zserv.inf]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI614.tmp\zserv.cab[ZServ.dll]
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI614.tmp\zserv.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI62A1.tmp\zserv.cab
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI62A1.tmp\zserv.cab[zserv.inf]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI62A1.tmp\zserv.cab[ZServ.dll]
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI62A1.tmp\zserv.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI69B8.tmp\zserv.cab
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI69B8.tmp\zserv.cab[zserv.inf]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI69B8.tmp\zserv.cab[ZServ.dll]
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI69B8.tmp\zserv.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI702A.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI840.tmp\zserv.cab
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI840.tmp\zserv.cab[zserv.inf]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI840.tmp\zserv.cab[ZServ.dll]
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI840.tmp\zserv.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THI94F.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THIC3E.tmp\zserv.cab
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THIC3E.tmp\zserv.cab[zserv.inf]
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THIC3E.tmp\zserv.cab[ZServ.dll]
Spywarepyware/BetterInet No disinfected C:\Documents and Settings\Graham Archer\Local Settings\Temp\THIC3E.tmp\zserv.inf
Adware:Adware/TopRebates No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2C7C7F55-F7BA-4FBD-9671-CC0580\2D780BEE-0EAC-4F3A-923C-D0B3CE
Spywarepyware/BetterInet No disinfected C:\WINDOWS\INF\banner.inf
Spywarepyware/BetterInet No disinfected C:\WINDOWS\INF\satmat.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini


By the looks of this I probably have more than just the pynix spyware but any help would be much appreciated.

Thanks in advance.

Graham
Reply With Quote Quick reply to this message  
Join Date: Dec 2003
Posts: 6,439
Reputation: DMR will become famous soon enough DMR will become famous soon enough 
Solved Threads: 363
Team Colleague
DMR's Avatar
DMR DMR is offline Offline
Wombat At Large

Re: Viruses/Spyware on my PC :-(

 
0
  #2
Jul 26th, 2005
1. Symantec has a recently-updated descripition of the Pynix VX2 infection and a download link to their stand-alone removal utility here. Try the utility and let us know the results.


2. Download Ewido and install it, and then open the program. If you initially receive a warning message saying "Database not found" when you first run the program, just click "OK" for this. Next- in the main screen, click "Update" and click "Start Update". After the update process, exit from Ewido; do not actually have it scan your system yet.


3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

- Locate and delete the following files:

C:\WINDOWS\INF\banner.inf
C:\WINDOWS\INF\satmat.inf
C:\WINDOWS\satmat.ini

- For every user account listed under C:\Documents and Settings, delete the entire contents of the following folders (but not the folders themselves):

(Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!)

1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files

- Delete the entire content of your C:\Windows\Temp folder.

- Delete the entire content of your C:\Windows\Prefetch folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temorary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.


4. While still in Safe Mode, open Ewido and run a full system scan. Once ewido finishes scanning/fixing, save the scan report log it generates.


5. Reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing

Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 7
Reputation: hbadger30 is an unknown quantity at this point 
Solved Threads: 0
hbadger30 hbadger30 is offline Offline
Newbie Poster

Re: Viruses/Spyware on my PC :-(

 
0
  #3
Jul 26th, 2005
Hi,

Thanks for the quick response! I did all the above but pynix is still there. Here is my new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:51:58, on 26/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\audio\MOTU\FireWire Audio\MFWAKeys.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Graham Archer\Desktop\Virus Protection\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.york.ac.uk/proxy.config
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.sns.york.ac.uk:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: MFWAKeys.lnk = C:\audio\MOTU\FireWire Audio\MFWAKeys.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: BT - {94879043-16A1-425D-90CC-EB5D3F8F73C6} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {97367153-69C3-4610-835E-ACF3A3CEB6EC} - http://bt.yahoo.com (file missing) (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093180511655
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


And here is the Ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 23:48:05, 26/07/2005
+ Report-Checksum: D3BF617A

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{5326B223-DC21-43A4-9B79-635E2D18DCB2} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.409:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.412:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.414:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.423:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.458:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.459:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.471:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.472:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.473:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.596:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.597:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.624:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
:mozilla.625:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
:mozilla.626:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
:mozilla.638:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.640:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.666:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.676:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.719:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.721:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.722:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.723:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.724:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.725:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.726:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.727:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.733:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.750:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.751:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.758:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.767:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.800:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.809:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.817:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.831:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.833:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.853:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.854:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.856:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.857:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.860:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.861:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.862:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.870:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.874:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.875:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.876:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.882:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.947:C:\Documents and Settings\Graham Archer\Application Data\Mozilla\Firefox\Profiles\vqgkptm5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2C7C7F55-F7BA-4FBD-9671-CC0580\2D780BEE-0EAC-4F3A-923C-D0B3CE -> Spyware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP291\A0084325.exe -> TrojanDownloader.Agent.ex : Cleaned with backup


::Report End


I hope this helps.

Many thanks,

Graham
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 7
Reputation: hbadger30 is an unknown quantity at this point 
Solved Threads: 0
hbadger30 hbadger30 is offline Offline
Newbie Poster

Re: Viruses/Spyware on my PC :-(

 
0
  #4
Jul 27th, 2005
Sorry a couple of things I forgot to mention.

- I tried the Symantec Pynix VX2 remover and this was the log:

Symantec Adware.BetterInternet Removal Tool 1.1.3


C:\bac47cd371a50f383bec07\sp2: (not scanned)
C:\Documents and Settings\Graham Archer\Desktop\Current Projects\Recording SIG - Due 2.05.05\Liverpool Philharmonic Orchestra 23.02.2005\LPO Cut and mastered CD tracks\Edward Elgar - Symphony No.1 in A flat major\1. Andante. Nobilmente e semplice - Allegro.wav (WARNING: not scanned, path to long)
Adware.BetterInternet has not been found on your computer.


Also I have microsoft anti-spyware beta installed and on every start up it prompts me to remove transponder.pynix to which I always click remove - is this the right thing to be doing?

Thanks,

Graham
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Viruses/Spyware on my PC :-(

 
0
  #5
Jul 28th, 2005
Do you use any file-sharing programs? That's the most common way for this particular infection to spread.

Open Firefox and go to Tools, Options, and then click on Privacy (padlock icon on the left); click on the Clear All button.

Download, install, update, and run the following utilities:

CounterSpy
http://www.download.com/CounterSpy/3...ml?tag=lst-0-1

CCleanerhttp://www.filehippo.com/download/Qi.../download.html

If, after doing the above, pynix is still on your computer, can you tell us where MS's Anti-spyware says it's located?
Links to help you help yourself :

Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html

Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html

Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 7
Reputation: hbadger30 is an unknown quantity at this point 
Solved Threads: 0
hbadger30 hbadger30 is offline Offline
Newbie Poster

Re: Viruses/Spyware on my PC :-(

 
0
  #6
Jul 28th, 2005
Hi,

I used to use Kazaa about a year ago for a short while but have since uninstalled it - I'm guessing that where I've picked this up from as pynix has been on my computer for a while now.

I did the things in Firefox and also downloaded and ran the two spyware programs but its still there!

However when I boot up I now get Counter Spy telling me that VX2.ABetterInternet is trying to install itself and not MS Anti-spyware. Also Counter Spy won't let me see where the infection is. On the other hand Spyware guard also says on start up:

Warning a BHO has been added:

{00000000-DD60-0064-6EC2-6E0100000000}

And its gives me the option to remove it (which I always take) but then its says that the program has performed a run time error:

'-2147024770(8007007e)'

I wondered if I should uninstall CounterSpy to see if MS Anti-spyware will tell me the location of the infection?

Thanks,

Graham
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Viruses/Spyware on my PC :-(

 
0
  #7
Jul 28th, 2005
Originally Posted by hbadger30
I wondered if I should uninstall CounterSpy to see if MS Anti-spyware will tell me the location of the infection?
Try that, and also post a new HijackThis log with your next reply.
Links to help you help yourself :

Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html

Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html

Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 7
Reputation: hbadger30 is an unknown quantity at this point 
Solved Threads: 0
hbadger30 hbadger30 is offline Offline
Newbie Poster

Re: Viruses/Spyware on my PC :-(

 
0
  #8
Jul 31st, 2005
Hi,

I uninstalled CounterSpy and MS AntiSpyware said that pynix was located here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\00000000-DD60-0064-6EC2-6E0100000000

And this is what I get on start up:

"Microsoft AntiSpyware has detected the threat Transponder.Pynix trying to install a Browser Helper Object on your computer. If you would like to allow Transponder.Pynix to install the Browser Helper Object click the 'Allow' button below.

Name: Transponder.Pynix
Type: Spyware
Threat Level: High

Description: Software that collects information, such as the websites a user visits, without adequate consent. This may include installing without prominent notice or running without a clear method to disable.

Advise: High-risk items have a large potential for adverse effect, such as loss of computer control, and should be removed unless knowingly installed."


My new hijackthis log is:

Logfile of HijackThis v1.99.1
Scan saved at 12:17:04, on 31/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\audio\MOTU\FireWire Audio\MFWAKeys.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Graham Archer\Desktop\Virus Protection\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.york.ac.uk/proxy.config
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.sns.york.ac.uk:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: MFWAKeys.lnk = C:\audio\MOTU\FireWire Audio\MFWAKeys.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: BT - {94879043-16A1-425D-90CC-EB5D3F8F73C6} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {97367153-69C3-4610-835E-ACF3A3CEB6EC} - http://bt.yahoo.com (file missing) (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093180511655
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Viruses/Spyware on my PC :-(

 
0
  #9
Jul 31st, 2005
Go to Start, Run, type regedit in the box, and hit Enter.

At the top of the Registry Editor window, click on File, and then Export. In the Export range panel (at the bottom), click All, give the file a name, and then Save your registry as a backup to a location where you will be able to locate it easily if necessary.

Then click on Edit, Find; in the box, paste pynix, and then click on Find Next

Right-click on any entries found and click Delete.

Continue using the Find Next option until you get the Finished searching through registry message.

Repeat the above instructions using 00000000-DD60-0064-6EC2-6E0100000000

Close the Registry Editor.

Let us know the results and post a new HJT log please.
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 7
Reputation: hbadger30 is an unknown quantity at this point 
Solved Threads: 0
hbadger30 hbadger30 is offline Offline
Newbie Poster

Re: Viruses/Spyware on my PC :-(

 
0
  #10
Jul 31st, 2005
Hi I did the above and deleted about 5 reg keys but pynix is still there! Not quite sure what else to do but as ever here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 00:16:02, on 01/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\audio\MOTU\FireWire Audio\MFWAKeys.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Graham Archer\Desktop\Virus Protection\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.york.ac.uk/proxy.config
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.sns.york.ac.uk:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: MFWAKeys.lnk = C:\audio\MOTU\FireWire Audio\MFWAKeys.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: BT - {94879043-16A1-425D-90CC-EB5D3F8F73C6} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {97367153-69C3-4610-835E-ACF3A3CEB6EC} - http://bt.yahoo.com (file missing) (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093180511655
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


Thanks guys.
Reply With Quote Quick reply to this message  
Reply
1 2

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit fake fancheckvirus gaming gtaiv gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile parents patch phishing police policeprovirusmba-mblockedinternetaccess president pro problem redirect reliability report research risk rogueantivirus samhain sans school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC