954,255 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
6 Years Ago
0

download.trojan--please help!

Hi!

I have Norton 2005 Security and for the past month it's been popping up a window stating that I have the download.trojan virus in C/Windows/System32/ssqrp.dll. I've run Norton & AVG in safe mode but when I go back to normal mode I still have the same problem. My computer was purchased in January 2006 and it's running super slow. Could it be this virus or do you think I have something else wrong.

Either way, can you help me remove this virus?

Thank you for these websites!

Feb20
Newbie Poster
11 posts since May 2006
Reputation Points: 10
Solved Threads: 0
 
6 Years Ago
0

Awsome, ya found it :)

Alrite, we need to have a HijackThis log to diagnose the problem.

Download HijackThis (current verison is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:C:\HijackThis\
C:\Programs\hijackthis\
C:\Windows\My Documents\HJT\
but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made) Then, doubleclick HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Thanks.

'Stein
Lapsed Skeptic
Team Colleague
1,941 posts since Jan 2006
Reputation Points: 222
Solved Threads: 106
 
6 Years Ago
0

Should I do this in safe or normal mode?

Feb20
Newbie Poster
11 posts since May 2006
Reputation Points: 10
Solved Threads: 0
 
6 Years Ago
0

Normal please.

'Stein
Lapsed Skeptic
Team Colleague
1,941 posts since Jan 2006
Reputation Points: 222
Solved Threads: 106
 
6 Years Ago
0

Here is my hijack this log. Any help is greatly appreciated!
Logfile of HijackThis v1.99.1
Scan saved at 2:58:21 PM, on 5/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\mljjh.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\system32\ssqrp.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll
O20 - Winlogon Notify: ssqrp - C:\WINDOWS\SYSTEM32\ssqrp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Feb20
Newbie Poster
11 posts since May 2006
Reputation Points: 10
Solved Threads: 0
 
6 Years Ago
0

Does it have something to do with the 'no name' attached to the file ....system32/ssqrp.dll?

Feb20
Newbie Poster
11 posts since May 2006
Reputation Points: 10
Solved Threads: 0
 
6 Years Ago
0

Please run HJT again, select Do system scan only. And check these items.


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=

O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\mljjh.dll

O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\system32\ssqrp.dll

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b3.../java/RntX.cab

O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll

O20 - Winlogon Notify: ssqrp - C:\WINDOWS\SYSTEM32\ssqrp.dll

Click Fix Checked.

_______________________________________________

Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

_______________________________________________________

Please download ewido anti-malware it is a free version of the program.Install ewido anti-malware
When installing, under "Additional Options" uncheck..Install background guard
Install scan via context menu

Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful" )
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:Open up Ewido
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

Reboot.

______________________________________________________

Please post the contents of C:\vundofix.txt and a new HiJackThis log, and the ewido log. - We will continue you with the fix, as you show signs of other infections

tayspen
<Insert title here>
Team Colleague
1,622 posts since Jul 2005
Reputation Points: 84
Solved Threads: 99
 
6 Years Ago
0

I have finished all three steps and there is already a HUGE difference in my computer.... here are my 3 logs.....

Logfile of HijackThis v1.99.1
Scan saved at 4:21:02 PM, on 5/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



________________________________________________

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 4:20:32 PM, 5/11/2006
+ Report-Checksum: 48FFA7C2
+ Scan result:
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@2o7"]russo@2o7[/EMAIL][2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@a.tribalfusion"]russo@a.tribalfusion[/EMAIL][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@ad.yieldmanager"]russo@ad.yieldmanager[/EMAIL][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@adjuggler"]russo@adjuggler[/EMAIL][2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@adopt.specificclick"]russo@adopt.specificclick[/EMAIL][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@adrevolver"]russo@adrevolver[/EMAIL][3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@ads.addynamix"]russo@ads.addynamix[/EMAIL][1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@ads.pointroll"]russo@ads.pointroll[/EMAIL][2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@advertising"]russo@advertising[/EMAIL][2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@as-us.falkag"]russo@as-us.falkag[/EMAIL][1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@as.casalemedia"]russo@as.casalemedia[/EMAIL][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@atdmt"]russo@atdmt[/EMAIL][2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@bfast"]russo@bfast[/EMAIL][2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@casalemedia"]russo@casalemedia[/EMAIL][2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@com"]russo@com[/EMAIL][1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@cpvfeed"]russo@cpvfeed[/EMAIL][2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@doubleclick"]russo@doubleclick[/EMAIL][2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@ehg-2ndsightinc.hitbox"]russo@ehg-2ndsightinc.hitbox[/EMAIL][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@fastclick"]russo@fastclick[/EMAIL][1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@hitbox"]russo@hitbox[/EMAIL][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@mediaplex"]russo@mediaplex[/EMAIL][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@msnportal.112.2o7"]russo@msnportal.112.2o7[/EMAIL][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@questionmarket"]russo@questionmarket[/EMAIL][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@rotator.adjuggler"]russo@rotator.adjuggler[/EMAIL][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@stats1.reliablestats"]russo@stats1.reliablestats[/EMAIL][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@trafficmp"]russo@trafficmp[/EMAIL][2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@tribalfusion"]russo@tribalfusion[/EMAIL][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@www.myaffiliateprogram"]russo@www.myaffiliateprogram[/EMAIL][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Cristina Russo\Cookies\cristina [EMAIL="russo@zedo"]russo@zedo[/EMAIL][2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc110.txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc126.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc13.txt -> TrackingCookie.Com : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc134.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc159.txt -> TrackingCookie.Com : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc161.txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc165.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc168.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc17.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc178.txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc26.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc31.txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc40.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc50.txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc52.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc60.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc62.txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc70.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc73.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc78.txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc80.txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc81.txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc82.txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc83.txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc84.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc86.txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc88.txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc89.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc90.txt -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc92.txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc95.txt -> TrackingCookie.Zedo : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc96.txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\RECYCLER\S-1-5-21-706042720-4250874448-3189256575-1007\Dc98.txt -> TrackingCookie.Advertising : Cleaned with backup

::Report End




--------------------------------------------------------------------

VundoFix V4.2.74
Running as SYSTEM
from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.4.2.3
Scan started at 3:47:25 PM 5/11/2006
Listing files found while scanning....
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\hjjlm.tmp
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.tmp
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.tmp
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\mljjh.dll
Attempting to delete C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mljjh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\hjjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjjlm.tmp
C:\WINDOWS\system32\hjjlm.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\ssqrp.dll Has been deleted!
Performing Repairs to the registry.
Done!

I have not had a pop up stating that I have the virus, so do you think it's worked?

Feb20
Newbie Poster
11 posts since May 2006
Reputation Points: 10
Solved Threads: 0
 
6 Years Ago
0

Is there anything else I need to do next? Thank you sooooo very much for your help!

Feb20
Newbie Poster
11 posts since May 2006
Reputation Points: 10
Solved Threads: 0
 
6 Years Ago
0

Nope, that log look clean.

tayspen
<Insert title here>
Team Colleague
1,622 posts since Jul 2005
Reputation Points: 84
Solved Threads: 99
 
6 Years Ago
0

Thank you very much for all your help. Everything seems to be back to normal and running smoothly! Thanks again. :)

Feb20
Newbie Poster
11 posts since May 2006
Reputation Points: 10
Solved Threads: 0
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed