aurora and drpmon.dll problem

Question

SediAK 0 Newbie Poster

18 Years Ago

For some reason I picked it up and dont know where. Tried to remove it using Adaware and its still there and when I tried deleting the drpmon.dll file it wont let me. SO I ran hijackthis and here is my log

Logfile of HijackThis v1.99.1
Scan saved at 11:53:09 AM, on 6/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\htjmkdh.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Games toolbar - {02ffc86e-283e-4faa-95d6-addca024f30a} - C:\Program Files\Games\tbGame.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ztkedjw] c:\windows\system32\htjmkdh.exe r
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Winzip Archiver] Winzip32.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B869A6F-B0FE-440E-96C9-D20A237B706A}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C2A277-40E5-4C84-9214-A21786E4CA32}: NameServer = 4.2.2.2
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

What do I do now?

windows-virus

2 Contributors
19 Replies
573 Views
1 Week Discussion Span
Latest Post 18 Years Ago Latest Post by SediAK

All 19 Replies

dlh6213 27 Posting Maven

18 Years Ago

Hi SediAK, welcome to DaniWeb :D

Go to Add/Remove Programs in your Control Panel and remove (if present):

MyWay (or MySearch, MyBar, or anything similar)

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.

From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet).

Download Nailfix from here:
http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to your desktop, but do not run it yet.

Reboot into Safe Mode.

Double-click on the Nailfix.bat that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Reboot normally.

Scan with hijackthis and have it fix the following entries:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Games toolbar - {02ffc86e-283e-4faa-95d6-addca024f30a} - C:\Program Files\Games\tbGame.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [ztkedjw] c:\windows\system32\htjmkdh.exe r
O9 - Extra button: (no name) - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - (no file)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

These entries are suspicious; check with your ISP and ask if they should be there:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B869A6F-B0FE-440E-96C9-D20A237B706A}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C2A277-40E5-4C84-9214-A21786E4CA32}: NameServer = 4.2.2.2

Be sure to close any open windows, other then hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted files and folders (if present):

C:\WINDOWS\Nail.exe
C:\WINDOWS\svcproc.exe
C:\windows\system32\htjmkdh.exe
C:\Program Files\Games\tbGame.dll

C:\Program Files\MyWay

Empty your Recycle Bin and reboot.

Close any open browser windows, scan with hijackthis, and post a new log along with the Ewido log.

dlh6213 27 Posting Maven

18 Years Ago

Remove Newdotnet either from Add/Remove Programs, or by going to http://www.newdotnet.com/#remove and scrolling down to the Uninstall tool.

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Go to Start, Run, and type in cleanmgr, and then click OK. Select the drive XP is on, and check the boxes for Downloaded Program Files (move any files you wish to keep out of this folder first), Temporary Internet Files, Recycle Bin, Temporary Files, Temporary Offline Files, Offline Files, (and Compress old files & Catalog files for the Content Indexer if you wish), and then click OK. Click Yes to confirm you want these files deleted. It may take awhile for this to run, please be patient.

Note: if any of these temporary files cannot be deleted while in normal mode, try Safe Mode.

Open Firefox, go to Tools, Options, and click on Privacy (padlock icon on the left); click on the Clear All button.

Go to Add/Remove Programs in your Control Panel and remove Kazaa.

Get Kazaabegone to remove all remnants of Kazaa:
http://www.spychecker.com/program/kazaagone.html

Before running Kazaabegone, download LSPfix from http://www.computercops.biz/downloads-file-334.html (the process of getting rid of Kazaa sometimes messes up the internet connection and this will allow you to restore it).

Run Kazaabegone; if your internet connection is lost, start LSPfix.
On the opening screen, click the I know what I'm doing checkbox. Then click Finish.
That will restore all previous settings.

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [iotfss] c:\windows\system32\cstqpn.exe r
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing

Remember to close any open windows before hitting Fix checked.

Did you find out if these are legit?
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B869A6F-B0FE-440E-96C9-D20A237B706A}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C2A277-40E5-4C84-9214-A21786E4CA32}: NameServer = 4.2.2.2

Go to the following locations and delete the highlighted files:

C:\WINDOWS\systb.dll
C:\windows\system32\cstqpn.exe

Empty your Recycle Bin, reboot, and post a new hijackthis log please.

dlh6213 27 Posting Maven

18 Years Ago

Sorry, that site has been revised; please go here instead and follow the instructions:
http://www.newdotnet.com/removal.html

Your system needs to be set to Show hidden files and folders in order to see those folders.

Deleting the temp files hurt won't the programs.

dlh6213 27 Posting Maven

18 Years Ago

Do this again please...

Reboot into Safe Mode.

Double-click on the Nailfix.bat that is on your desktop.

When it's finished, run a full system scan with Ewido.

Reboot normally.

Scan with hijackthis and have it fix the following entries:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [qisqtc] c:\windows\system32\coyeps.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Be sure to close all open windows before hitting Fix checked.

go to the following locations and delete the highlighted files:

C:\WINDOWS\Nail.exe
C:\windows\system32\coyeps.exe
C:\WINDOWS\svcproc.exe

Reboot and post a new hijackthis log and the new Ewido log.

dlh6213 27 Posting Maven

18 Years Ago

Open Firefox, go to Tools, Options, and click on Privacy (padlock icon on the left); click on the Clear All button.

Scan with hijackthis and have it fix this entry:
O4 - HKLM\..\Run: [lvmkyfg] c:\windows\system32\uvivqm.exe r

Then delete this file:
C:\windows\system32\uvivqm.exe

Download and run Silent Runners.vbs -- http://www.silentrunners.org/. Post the information from the log it generates in this thread.

Please post another hijackthis log as well.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

SediAK 0 Newbie Poster · Answer 1 · 2005-06-20T03:49:26+00:00

ok and now I have werid things going on...

the way my computer is set up is I have an 80 gig hard drive with a slaved 20 gig hard drive....the 20 gig harddrive is where i have all mygames installed at that I play online.....for some reason I cant open any games because a file is missing and when I open theat hard drive this is what it looks like http://us.share.geocities.com/tamed_kaos/desktop.bmp

for 1. there is more files there than should be....and for 2 those are deffinately not the names I titled them lol.....what is going on and how do I fix it?

SediAK 0 Newbie Poster · Answer 2 · 2005-06-21T06:09:27+00:00

Logfile of HijackThis v1.99.1
Scan saved at 4:08:22 PM, on 6/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
c:\windows\system32\cstqpn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iotfss] c:\windows\system32\cstqpn.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B869A6F-B0FE-440E-96C9-D20A237B706A}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C2A277-40E5-4C84-9214-A21786E4CA32}: NameServer = 4.2.2.2
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

EWIDO Log

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:          3:53:40 PM, 6/20/2005
 + Report-Checksum:     9931B0D6

 + Scan result:

    HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVer -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSID -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurVer -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CurVer -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin
    HKLM\SOFTWARE\eUniverse -> Spyware.KeenValue
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PUK -> Spyware.CometCursor
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RelevantKnowledge -> Spyware.BroadCastPC
    HKU\S-1-5-21-1844237615-839522115-682003330-1004\Software\intexp -> Spyware.IEPlugin
    HKU\S-1-5-21-1844237615-839522115-682003330-1004\Software\intexp\Config -> Spyware.IEPlugin
    HKU\S-1-5-21-1844237615-839522115-682003330-1004\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin
    :mozilla.10:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adjuggler
    :mozilla.11:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Atdmt
    :mozilla.22:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.23:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.24:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.25:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.30:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Mediaplex
    :mozilla.32:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Netshelter
    :mozilla.33:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Netshelter
    :mozilla.34:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adtech
    :mozilla.35:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adtech
    :mozilla.40:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Questionmarket
    :mozilla.48:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Doubleclick
    :mozilla.49:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adrevolver
    :mozilla.50:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adrevolver
    :mozilla.51:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adrevolver
    :mozilla.52:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adrevolver
    :mozilla.53:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adrevolver
    :mozilla.54:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adrevolver
    :mozilla.55:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adserver
    :mozilla.56:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Fastclick
    :mozilla.57:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Fastclick
    :mozilla.58:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Fastclick
    :mozilla.59:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adserver
    :mozilla.60:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adserver
    :mozilla.61:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adserver
    :mozilla.62:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Partner2profit
    :mozilla.73:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Serving-sys
    :mozilla.74:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Serving-sys
    :mozilla.77:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Serving-sys
    :mozilla.84:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Serving-sys
    :mozilla.100:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Overture
    :mozilla.101:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram
    :mozilla.102:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram
    :mozilla.123:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Timeinc
    :mozilla.128:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Tribalfusion
    :mozilla.129:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Tribalfusion
    :mozilla.130:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Tribalfusion
    :mozilla.131:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Tribalfusion
    :mozilla.132:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Googleadservices
    :mozilla.133:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Com
    :mozilla.134:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Com
    :mozilla.136:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Wwwdownload
    :mozilla.137:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Webshots
    :mozilla.150:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Miniclip
    :mozilla.151:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Miniclip
    :mozilla.152:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.153:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.154:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.155:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.156:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.157:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.158:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.159:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.160:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.161:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.162:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.163:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.164:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.165:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.166:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.167:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.168:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.169:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.170:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.171:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.172:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.173:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.174:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.175:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.176:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.177:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.178:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.179:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.180:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.181:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.182:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.183:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.184:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.185:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.186:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.187:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.188:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.189:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.190:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.191:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.192:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.199:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Zedo
    :mozilla.200:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Zedo
    :mozilla.201:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Zedo
    :mozilla.217:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Targetgraph
    :mozilla.218:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Targetgraph
    :mozilla.219:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Targetgraph
    :mozilla.221:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.2o7
    :mozilla.225:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Abum
    :mozilla.226:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Abum
    :mozilla.227:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adknowledge
    :mozilla.228:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Casalemedia
    :mozilla.229:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Casalemedia
    :mozilla.230:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Casalemedia
    :mozilla.231:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Casalemedia
    :mozilla.232:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Casalemedia
    :mozilla.240:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adlegend
    :mozilla.241:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Hitbox
    :mozilla.243:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Hitbox
    :mozilla.244:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Hitbox
    :mozilla.249:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Belnk
    :mozilla.253:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Intellisrv
    :mozilla.254:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Intellisrv
    :mozilla.255:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Intellisrv
    :mozilla.256:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Intellisrv
    :mozilla.260:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Humanclick
    :mozilla.261:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Humanclick
    :mozilla.262:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Humanclick
    :mozilla.263:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Pointroll
    :mozilla.264:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Pointroll
    :mozilla.265:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Pointroll
    :mozilla.266:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Pointroll
    :mozilla.267:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Webtrendslive
    :mozilla.268:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Webtrendslive
    :mozilla.269:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Hitslink
    :mozilla.270:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Hitslink
    :mozilla.271:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Hitslink
    :mozilla.272:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Hitslink
    :mozilla.288:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Imrworldwide
    :mozilla.290:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Imrworldwide
    :mozilla.304:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Coremetrics
    :mozilla.327:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Webstat
    :mozilla.328:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Webstat
    :mozilla.332:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Bravenet
    :mozilla.333:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Bravenet
    :mozilla.349:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Maxserving
    :mozilla.351:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Hitbox
    :mozilla.353:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.354:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.355:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.356:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.357:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Valueclick
    :mozilla.358:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Realtechnetwork
    :mozilla.359:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Valueclick
    :mozilla.360:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Realmedia
    :mozilla.361:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Realmedia
    :mozilla.362:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Realmedia
    :mozilla.363:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Tmcs
    :mozilla.379:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Hitbox
    :mozilla.385:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Centrport
    :mozilla.386:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Ru4
    :mozilla.387:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Ru4
    :mozilla.390:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Element5
    :mozilla.391:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Wwwdownload
    C:\Documents and Settings\Bryan\Cookies\bryan@888[1].txt -> Spyware.Cookie.888.com
    C:\Documents and Settings\Bryan\Cookies\bryan@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet
    C:\Documents and Settings\Bryan\Cookies\bryan@aimtoday.aol[1].txt -> Spyware.Cookie.Aol
    C:\Documents and Settings\Bryan\Cookies\bryan@btg.btgrab[1].txt -> Spyware.Cookie.Btgrab
    C:\Documents and Settings\Bryan\Cookies\bryan@cliks[1].txt -> Spyware.Cookie.Cliks
    C:\Documents and Settings\Bryan\Cookies\bryan@doubleclick[1].txt -> Spyware.Cookie.Doubleclick
    C:\Documents and Settings\Bryan\Cookies\bryan@emarketmakers[1].txt -> Spyware.Cookie.Emarketmakers
    C:\Documents and Settings\Bryan\Cookies\bryan@linksynergy[2].txt -> Spyware.Cookie.Linksynergy
    C:\Documents and Settings\Bryan\Cookies\bryan@myway[2].txt -> Spyware.Cookie.Myway
    C:\Documents and Settings\Bryan\Cookies\bryan@netflix[2].txt -> Spyware.Cookie.Netflix
    C:\Documents and Settings\Bryan\Cookies\bryan@offeroptimizer[1].txt -> Spyware.Cookie.Offeroptimizer
    C:\Documents and Settings\Bryan\Cookies\bryan@www.azoogleads[2].txt -> Spyware.Cookie.Azoogleads
    C:\Documents and Settings\Bryan\Cookies\bryan@www.everyfreegift[2].txt -> Spyware.Cookie.Everyfreegift
    :mozilla.9:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Atdmt
    :mozilla.26:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Serving-sys
    :mozilla.27:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Serving-sys
    :mozilla.28:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Serving-sys
    :mozilla.29:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Serving-sys
    :mozilla.30:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Serving-sys
    :mozilla.31:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Netflix
    :mozilla.32:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Netflix
    :mozilla.33:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Netflix
    :mozilla.34:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Netflix
    :mozilla.35:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Netflix
    :mozilla.36:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Netflix
    :mozilla.37:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Netflix
    :mozilla.38:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Netflix
    :mozilla.39:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Netflix
    :mozilla.40:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Doubleclick
    :mozilla.57:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Questionmarket
    :mozilla.58:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Mediaplex
    :mozilla.59:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Valueclick
    :mozilla.60:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Valueclick
    :mozilla.64:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Bluestreak
    :mozilla.66:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Centrport
    :mozilla.67:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Centrport
    :mozilla.75:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.76:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.77:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.78:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.79:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.80:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.82:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.83:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.84:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.85:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.86:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.87:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.88:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.89:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.90:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.91:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.92:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.93:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.94:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.95:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.96:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.97:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.99:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.100:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.101:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.102:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.103:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.107:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Imrworldwide
    :mozilla.108:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Webtrendslive
    :mozilla.109:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Imrworldwide
    :mozilla.111:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Coremetrics
    :mozilla.117:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Apmebf
    :mozilla.118:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Qksrv
    :mozilla.119:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Qksrv
    :mozilla.120:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Apmebf
    :mozilla.121:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Addfreestats
    :mozilla.122:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Bfast
    :mozilla.124:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Hitbox
    :mozilla.125:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Overture
    :mozilla.126:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Overture
    :mozilla.127:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Bizrate
    :mozilla.128:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Hitbox
    :mozilla.129:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Hitbox
    :mozilla.130:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Bizrate
    :mozilla.135:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Bizrate
    :mozilla.136:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Bizrate
    :mozilla.145:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.2o7
    :mozilla.146:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.2o7
    :mozilla.147:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.2o7
    :mozilla.156:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Abum
    :mozilla.157:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Adknowledge
    :mozilla.158:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Abum
    :mozilla.159:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Fastclick
    :mozilla.160:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Casalemedia
    :mozilla.161:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Casalemedia
    :mozilla.162:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Casalemedia
    :mozilla.173:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.174:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.175:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.176:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.177:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.178:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Zedo
    :mozilla.179:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Zedo
    :mozilla.180:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Zedo
    :mozilla.181:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.About
    :mozilla.183:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.About
    :mozilla.184:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.About
    :mozilla.185:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.About
    :mozilla.186:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.About
    :mozilla.191:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.192:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.193:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Wwwbettycrocker
    :mozilla.197:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Checkm8
    :mozilla.198:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Checkm8
    :mozilla.199:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Checkm8
    :mozilla.200:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Checkm8
    :mozilla.204:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Ru4
    :mozilla.206:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Pointroll
    :mozilla.207:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Pointroll
    :mozilla.208:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Pointroll
    :mozilla.209:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Pointroll
    :mozilla.210:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Pointroll
    :mozilla.12:C:\Documents and Settings\Shamai\Application Data\Mozilla\Profiles\default\rll6lq4o.slt\cookies.txt -> Spyware.Cookie.Questionmarket
    C:\Documents and Settings\Shamai\Cookies\shamai@888[2].txt -> Spyware.Cookie.888.com
    C:\Documents and Settings\Shamai\Cookies\shamai@a.websponsors[1].txt -> Spyware.Cookie.Websponsors
    C:\Documents and Settings\Shamai\Cookies\shamai@aavalue[1].txt -> Spyware.Cookie.Aavalue
    C:\Documents and Settings\Shamai\Cookies\shamai@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet
    C:\Documents and Settings\Shamai\Cookies\shamai@adknowledge[2].txt -> Spyware.Cookie.Adknowledge
    C:\Documents and Settings\Shamai\Cookies\shamai@adultfriendfinder[1].txt -> Spyware.Cookie.Adult-friend-finder
    C:\Documents and Settings\Shamai\Cookies\shamai@aimtoday.aol[1].txt -> Spyware.Cookie.Aol
    C:\Documents and Settings\Shamai\Cookies\shamai@atdmt[2].txt -> Spyware.Cookie.Atdmt
    C:\Documents and Settings\Shamai\Cookies\shamai@azjmp[1].txt -> Spyware.Cookie.Azjmp
    C:\Documents and Settings\Shamai\Cookies\shamai@bigchurch[2].txt -> Spyware.Cookie.Bigchurch
    C:\Documents and Settings\Shamai\Cookies\shamai@btg.btgrab[1].txt -> Spyware.Cookie.Btgrab
    C:\Documents and Settings\Shamai\Cookies\shamai@chtah[1].txt -> Spyware.Cookie.Chtah
    C:\Documents and Settings\Shamai\Cookies\shamai@cliks[2].txt -> Spyware.Cookie.Cliks
    C:\Documents and Settings\Shamai\Cookies\shamai@creativeby.viewpoint[1].txt -> Spyware.Cookie.Viewpoint
    C:\Documents and Settings\Shamai\Cookies\shamai@desktop.kazaa[1].txt -> Spyware.Cookie.Kazaa
    C:\Documents and Settings\Shamai\Cookies\shamai@dist.belnk[2].txt -> Spyware.Cookie.Belnk
    C:\Documents and Settings\Shamai\Cookies\shamai@dr.webservicehosts[1].txt -> Spyware.Cookie.Webservicehosts
    C:\Documents and Settings\Shamai\Cookies\shamai@e.rn11[1].txt -> Spyware.Cookie.Rn11
    C:\Documents and Settings\Shamai\Cookies\shamai@emarketmakers[2].txt -> Spyware.Cookie.Emarketmakers
    C:\Documents and Settings\Shamai\Cookies\shamai@eztracks.aavalue[2].txt -> Spyware.Cookie.Aavalue
    C:\Documents and Settings\Shamai\Cookies\shamai@hoylegames.sierra[1].txt -> Spyware.Cookie.Sierra
    C:\Documents and Settings\Shamai\Cookies\shamai@kazaa[1].txt -> Spyware.Cookie.Kazaa
    C:\Documents and Settings\Shamai\Cookies\shamai@login.tracking101[2].txt -> Spyware.Cookie.Tracking101
    C:\Documents and Settings\Shamai\Cookies\shamai@mediaplex[1].txt -> Spyware.Cookie.Mediaplex
    C:\Documents and Settings\Shamai\Cookies\shamai@myway[2].txt -> Spyware.Cookie.Myway
    C:\Documents and Settings\Shamai\Cookies\shamai@mywebsearch[1].txt -> Spyware.Cookie.Mywebsearch
    C:\Documents and Settings\Shamai\Cookies\shamai@namesdatabase[2].txt -> Spyware.Cookie.Namesdatabase
    C:\Documents and Settings\Shamai\Cookies\shamai@offeroptimizer[2].txt -> Spyware.Cookie.Offeroptimizer
    C:\Documents and Settings\Shamai\Cookies\shamai@partner2profit[2].txt -> Spyware.Cookie.Partner2profit
    C:\Documents and Settings\Shamai\Cookies\shamai@pyn.pynix[2].txt -> Spyware.Cookie.Pynix
    C:\Documents and Settings\Shamai\Cookies\shamai@rightmedia[2].txt -> Spyware.Cookie.Rightmedia
    C:\Documents and Settings\Shamai\Cookies\shamai@rn11[2].txt -> Spyware.Cookie.Rn11
    C:\Documents and Settings\Shamai\Cookies\shamai@sageanalyst[1].txt -> Spyware.Cookie.Sageanalyst
    C:\Documents and Settings\Shamai\Cookies\shamai@ssa.kazaa[1].txt -> Spyware.Cookie.Kazaa
    C:\Documents and Settings\Shamai\Cookies\shamai@webservicehosts[1].txt -> Spyware.Cookie.Webservicehosts
    C:\Documents and Settings\Shamai\Cookies\shamai@www.azoogleads[2].txt -> Spyware.Cookie.Azoogleads
    C:\Documents and Settings\Shamai\Cookies\shamai@www.match[2].txt -> Spyware.Cookie.Wwwmatch
    C:\Documents and Settings\Shamai\Local Settings\Temp\p2psetup.exe -> Spyware.P2PNetworking
    C:\Documents and Settings\Shamai\Local Settings\Temp\THI2810.tmp\pynix.cab/Pynix.dll -> Spyware.BiSpy
    C:\Documents and Settings\Shamai\Local Settings\Temp\THI2810.tmp\pynix.cab/polall1p.exe -> Trojan.Agent.ay
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug
    C:\Program Files\Hewlett-Packard\Memories Disc\hpodlog.exe -> Heuristic.Win32.Hijacker1
    C:\Program Files\Microsoft Office\Office\MSOHTMED.EXE -> Heuristic.Win32.Downloader
    C:\WINDOWS\bshpejk.exe -> Spyware.BetterInternet
    C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet
    C:\WINDOWS\vmithbmnj.exe -> Spyware.BetterInternet
    C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c


::Report End

SediAK 0 Newbie Poster · Answer 3 · 2005-06-21T06:41:42+00:00

and I am still getting the popups just to let you know

SediAK 0 Newbie Poster · Answer 4 · 2005-06-21T13:54:45+00:00

Remove Newdotnet either from Add/Remove Programs, or by going to http://www.newdotnet.com/#remove and scrolling down to the Uninstall tool.

I did this and it wasnt in add/remove programs and when I go the site I dont see an uninstall tool.

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):
Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Some of these files werent even there like History and Local Settings\Temp.

Do a search for *.tmp and delete all entries found.

I also have a bunch of .tmpl files that pop up that have to do with XFire and Norton Anti-Virus. deleting any of these wont hurt the programs?

SediAK 0 Newbie Poster · Answer 5 · 2005-06-21T14:23:21+00:00

ok did all that and here you go.....

Logfile of HijackThis v1.99.1
Scan saved at 12:22:33 AM, on 6/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\windows\system32\coyeps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [qisqtc] c:\windows\system32\coyeps.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B869A6F-B0FE-440E-96C9-D20A237B706A}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C2A277-40E5-4C84-9214-A21786E4CA32}: NameServer = 4.2.2.2
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

SediAK 0 Newbie Poster · Answer 6 · 2005-06-22T01:58:39+00:00

Logfile of HijackThis v1.99.1
Scan saved at 11:57:36 AM, on 6/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
c:\windows\system32\uvivqm.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [lvmkyfg] c:\windows\system32\uvivqm.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B869A6F-B0FE-440E-96C9-D20A237B706A}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C2A277-40E5-4C84-9214-A21786E4CA32}: NameServer = 4.2.2.2
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:          11:48:28 AM, 6/21/2005
 + Report-Checksum:     9AB6D1EA

 + Scan result:

    :mozilla.10:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adjuggler
    :mozilla.15:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Atdmt
    :mozilla.16:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram
    :mozilla.17:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.New
    :mozilla.18:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.19:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.20:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.21:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adserver
    :mozilla.22:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adserver
    :mozilla.23:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    C:\Documents and Settings\Bryan\Cookies\bryan@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet
    C:\Documents and Settings\Bryan\Cookies\bryan@btg.btgrab[1].txt -> Spyware.Cookie.Btgrab
    C:\Documents and Settings\Bryan\Cookies\bryan@cliks[2].txt -> Spyware.Cookie.Cliks
    C:\Documents and Settings\Bryan\Cookies\bryan@offeroptimizer[1].txt -> Spyware.Cookie.Offeroptimizer
    C:\WINDOWS\bshpejk.exe -> Spyware.BetterInternet
    C:\WINDOWS\vmithbmnj.exe -> Spyware.BetterInternet


::Report End

SediAK 0 Newbie Poster · Answer 7 · 2005-06-22T12:19:26+00:00

Logfile of HijackThis v1.99.1
Scan saved at 10:25:48 PM, on 6/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\gjlblli.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ppgmull] c:\windows\system32\gjlblli.exe r
O4 - HKLM\..\Run: [gnzrsbm] c:\windows\system32\znxafz.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B869A6F-B0FE-440E-96C9-D20A237B706A}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C2A277-40E5-4C84-9214-A21786E4CA32}: NameServer = 4.2.2.2
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe





"Silent Runners.vbs", revision 38.1, [url]http://www.silentrunners.org/[/url]
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Win Server Updt" = "C:\WINDOWS\wupdt.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"ppgmull" = "c:\windows\system32\gjlblli.exe r" [null data]
"gnzrsbm" = "c:\windows\system32\znxafz.exe r" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{89B4C1CD-B018-4511-B0A1-5476DBF70820}\(Default) = (no title provided)
                                       \StubPath   = "C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\(Default) = "Band Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\systb.dll" [empty string]
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\(Default) = "AOL Toolbar Launcher"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "Shell" = "Explorer.exe C:\WINDOWS\Nail.exe" [MS], [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"


Enabled Scheduled Tasks:
------------------------

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]

"{DE9C389F-3316-41A7-809B-AA305ED9D922}" = "AOL Toolbar" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]

"{DE9C389F-3316-41A7-809B-AA305ED9D922}" = "AOL Toolbar"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\ = "LeftFrame Class"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\systb.dll" [empty string]

HKLM\Software\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\ = "BottomFrame Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\WINDOWS\systb.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{3369AF0D-62E9-4BDA-8103-B4C75499B578}\
"ButtonText" = "AOL Toolbar"
"CLSIDExtension" = "{DE9C389F-3316-41A7-809B-AA305ED9D922}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" = "AOL Search"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "searchprovider" = "res://C:\WINDOWS\System32\SEARCH~1.DLL/search.htm" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

dlh6213 27 Posting Maven Team Colleague · Answer 8 · 2005-06-22T16:11:06+00:00

Apparently there is an updated fix for this that I wasn't aware of; hopefully this will clean it up.

You will need to be disconnected from the internet during this process, so you may wish to print out these instructions.

Download the updated Nailfix from here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
Unzip it to your desktop but do NOT run it yet.

Disconnect your system from the internet and reboot into Safe Mode.

Double-click on Nailfix.cmd; your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run another full scan scan with Ewido and save the log.

Next run HijackThis, click Scan, and check:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [ppgmull] c:\windows\system32\gjlblli.exe r
O4 - HKLM\..\Run: [gnzrsbm] c:\windows\system32\znxafz.exe r

Close all open windows, other then HijackThis, and click Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\Nail.exe
C:\WINDOWS\systb.dll
C:\WINDOWS\wupdt.exe
C:\windows\system32\gjlblli.exe
C:\windows\system32\znxafz.exe

Empty your Recycle Bin and reboot normally.

Reconnect to the net, close any open browser window, scan with HJT and post a new log along with the new Ewido log.

SediAK 0 Newbie Poster · Answer 9 · 2005-06-23T02:39:45+00:00

Logfile of HijackThis v1.99.1
Scan saved at 12:38:53 PM, on 6/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\alsfifn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kiwcplw] c:\windows\system32\alsfifn.exe r
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B869A6F-B0FE-440E-96C9-D20A237B706A}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C2A277-40E5-4C84-9214-A21786E4CA32}: NameServer = 4.2.2.2
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe




---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:          12:21:25 PM, 6/22/2005
 + Report-Checksum:     D868BCB

 + Scan result:

    HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVer -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSID -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurVer -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CurVer -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin
    HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin
    HKU\S-1-5-21-1844237615-839522115-682003330-1004\Software\intexp -> Spyware.IEPlugin
    HKU\S-1-5-21-1844237615-839522115-682003330-1004\Software\intexp\Config -> Spyware.IEPlugin
    HKU\S-1-5-21-1844237615-839522115-682003330-1004\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin
    :mozilla.12:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adjuggler
    :mozilla.13:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Atdmt
    :mozilla.22:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Fastclick
    :mozilla.23:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adserver
    :mozilla.24:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adserver
    :mozilla.25:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adserver
    :mozilla.26:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Fastclick
    :mozilla.27:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Fastclick
    :mozilla.29:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Doubleclick
    :mozilla.38:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Mediaplex
    :mozilla.41:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Bluestreak
    :mozilla.43:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Tribalfusion
    :mozilla.46:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Imrworldwide
    :mozilla.47:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Imrworldwide
    :mozilla.50:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Tribalfusion
    :mozilla.51:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Tribalfusion
    :mozilla.52:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Tribalfusion
    :mozilla.53:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Tribalfusion
    :mozilla.54:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Tribalfusion
    :mozilla.55:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Tribalfusion
    :mozilla.75:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Casalemedia
    :mozilla.76:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Casalemedia
    :mozilla.77:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Casalemedia
    :mozilla.83:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Filefront
    :mozilla.84:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.85:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.86:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.87:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.88:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.89:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.90:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Trafficmp
    :mozilla.98:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Belnk
    :mozilla.99:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Questionmarket
    :mozilla.104:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Dogpile
    :mozilla.105:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.106:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.107:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.108:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.109:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Burstnet
    :mozilla.110:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Burstnet
    :mozilla.111:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram
    :mozilla.112:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram
    C:\Documents and Settings\Bryan\Cookies\bryan@2o7[2].txt -> Spyware.Cookie.2o7
    C:\Documents and Settings\Bryan\Cookies\bryan@888[2].txt -> Spyware.Cookie.888.com
    C:\Documents and Settings\Bryan\Cookies\bryan@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet
    C:\Documents and Settings\Bryan\Cookies\bryan@aimtoday.aol[1].txt -> Spyware.Cookie.Aol
    C:\Documents and Settings\Bryan\Cookies\bryan@atdmt[2].txt -> Spyware.Cookie.Atdmt
    C:\Documents and Settings\Bryan\Cookies\bryan@btg.btgrab[1].txt -> Spyware.Cookie.Btgrab
    C:\Documents and Settings\Bryan\Cookies\bryan@cliks[1].txt -> Spyware.Cookie.Cliks
    C:\Documents and Settings\Bryan\Cookies\bryan@creativeby.viewpoint[1].txt -> Spyware.Cookie.Viewpoint
    C:\Documents and Settings\Bryan\Cookies\bryan@doubleclick[2].txt -> Spyware.Cookie.Doubleclick
    C:\Documents and Settings\Bryan\Cookies\bryan@emarketmakers[1].txt -> Spyware.Cookie.Emarketmakers
    C:\Documents and Settings\Bryan\Cookies\bryan@fastclick[1].txt -> Spyware.Cookie.Fastclick
    C:\Documents and Settings\Bryan\Cookies\bryan@fcstats.bcentral[2].txt -> Spyware.Cookie.Bcentral
    C:\Documents and Settings\Bryan\Cookies\bryan@hitbox[1].txt -> Spyware.Cookie.Hitbox
    C:\Documents and Settings\Bryan\Cookies\bryan@live365[1].txt -> Spyware.Cookie.Live365
    C:\Documents and Settings\Bryan\Cookies\bryan@mediaplex[1].txt -> Spyware.Cookie.Mediaplex
    C:\Documents and Settings\Bryan\Cookies\bryan@offeroptimizer[1].txt -> Spyware.Cookie.Offeroptimizer
    C:\Documents and Settings\Bryan\Cookies\bryan@overture[1].txt -> Spyware.Cookie.Overture
    C:\Documents and Settings\Bryan\Cookies\bryan@perf.overture[1].txt -> Spyware.Cookie.Overture
    C:\Documents and Settings\Bryan\Cookies\bryan@phg.hitbox[1].txt -> Spyware.Cookie.Hitbox
    C:\Documents and Settings\Bryan\Cookies\bryan@rn11[2].txt -> Spyware.Cookie.Rn11
    C:\Documents and Settings\Bryan\Cookies\bryan@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson
    C:\Documents and Settings\Bryan\Cookies\bryan@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive
    C:\Documents and Settings\Bryan\Cookies\bryan@trafficmp[1].txt -> Spyware.Cookie.Trafficmp
    C:\Documents and Settings\Bryan\Cookies\bryan@www.azoogleads[2].txt -> Spyware.Cookie.Azoogleads
    C:\Documents and Settings\Bryan\Cookies\bryan@www.everyfreegift[2].txt -> Spyware.Cookie.Everyfreegift
    :mozilla.15:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Burstnet
    :mozilla.16:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Burstnet
    :mozilla.17:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Burstnet
    :mozilla.18:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Atdmt
    :mozilla.20:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Dogpile
    :mozilla.21:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Dogpile
    :mozilla.22:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Doubleclick
    :mozilla.23:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Wwwbettycrocker
    :mozilla.24:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Wwwbettycrocker
    :mozilla.25:C:\Documents and Settings\Shamai\Application Data\Mozilla\Firefox\Profiles\unpvm2y6.default\cookies.txt -> Spyware.Cookie.Tribalfusion
    C:\Documents and Settings\Shamai\Cookies\shamai@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet
    C:\Documents and Settings\Shamai\Cookies\shamai@advertising[1].txt -> Spyware.Cookie.Advertising
    C:\Documents and Settings\Shamai\Cookies\shamai@atdmt[2].txt -> Spyware.Cookie.Atdmt
    C:\Documents and Settings\Shamai\Cookies\shamai@btg.btgrab[2].txt -> Spyware.Cookie.Btgrab
    C:\Documents and Settings\Shamai\Cookies\shamai@cliks[2].txt -> Spyware.Cookie.Cliks
    C:\Documents and Settings\Shamai\Cookies\shamai@mediaplex[1].txt -> Spyware.Cookie.Mediaplex
    C:\Documents and Settings\Shamai\Cookies\shamai@offeroptimizer[1].txt -> Spyware.Cookie.Offeroptimizer
    C:\Documents and Settings\Shamai\Cookies\shamai@realmedia[1].txt -> Spyware.Cookie.Realmedia
    C:\Documents and Settings\Shamai\Cookies\shamai@servedby.advertising[1].txt -> Spyware.Cookie.Advertising
    C:\Documents and Settings\Shamai\Cookies\shamai@trafficmp[2].txt -> Spyware.Cookie.Trafficmp
    C:\WINDOWS\bshpejk.exe -> Spyware.BetterInternet
    C:\WINDOWS\systb.dll -> Spyware.ImiBar
    C:\WINDOWS\vmithbmnj.exe -> Spyware.BetterInternet
    C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c


::Report End

SediAK 0 Newbie Poster · Answer 10 · 2005-06-30T01:13:31+00:00

SediAK 0 Newbie Poster

18 Years Ago

so did ya give up? lol

Im still gettin aurora

dlh6213 27 Posting Maven Team Colleague · Answer 11 · 2005-06-30T13:16:56+00:00

I don't see the typical signs of Aurora in your last log. Please post a new hijackthis log after doing the following (yes again, your Ewido log still shows a lot of stuff in these folders):

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Go to Start, Run, and type in cleanmgr, and then click OK. Select the drive XP is on, and check the boxes for Downloaded Program Files (move any files you wish to keep out of this folder first), Temporary Internet Files, Recycle Bin, Temporary Files, Temporary Offline Files, Offline Files, (and Compress old files & Catalog files for the Content Indexer if you wish), and then click OK. Click Yes to confirm you want these files deleted. It may take awhile for this to run, please be patient.

Note: if any of these temporary files cannot be deleted while in normal mode, try Safe Mode.

Open Firefox, go to Tools, Options, and click on Privacy (padlock icon on the left); click on the Clear All button.

SediAK 0 Newbie Poster · Answer 12 · 2005-06-30T15:06:05+00:00

heres whatI got after doing that....and as soon as I opened the browser to come post this I still got the Aurora pop-up.....

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:          1:03:08 AM, 6/30/2005
 + Report-Checksum:     3958B92D

 + Scan result:

    [2156] VM_00900000 -> Spyware.BetterInternet


::Report End





Logfile of HijackThis v1.99.1
Scan saved at 1:03:27 AM, on 6/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\windows\system32\gowzet.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [epcchv] c:\windows\system32\gowzet.exe r
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url]
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B869A6F-B0FE-440E-96C9-D20A237B706A}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C2A277-40E5-4C84-9214-A21786E4CA32}: NameServer = 4.2.2.2
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

dlh6213 27 Posting Maven Team Colleague · Answer 13 · 2005-06-30T20:07:44+00:00

Yep, you are correct, you have Aurora again :(

So, let's go through this again...

Disconnect from the net and reboot into Safe Mode.

Double-click on the Nailfix.cmd that is on your desktop.

Run a full system scan with Ewido (remember you will be posting the log from this scan in your next reply).

Still in Safe Mode, scan with hijackthis and have it fix the following entries:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [epcchv] c:\windows\system32\gowzet.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Close any open windows and hit Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\Nail.exe
C:\windows\system32\gowzet.exe
C:\WINDOWS\svcproc.exe

Empty your Recycle Bin and do a search for each of those files and delete any instances found.

Empty your Recycle Bin again and reboot.

Download and run the BetterInternet removal tool from here:

http://securityresponse.symantec.com/avcenter/FixBinet.exe

Then, close any open browser windows, scan with HJT, and post a new log along with the Ewido log.

SediAK 0 Newbie Poster · Answer 14 · 2005-07-01T01:26:50+00:00

Logfile of HijackThis v1.99.1
Scan saved at 11:26:21 AM, on 6/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\ljigoll.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [msnwztz] c:\windows\system32\ljigoll.exe r
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url]
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B869A6F-B0FE-440E-96C9-D20A237B706A}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C2A277-40E5-4C84-9214-A21786E4CA32}: NameServer = 4.2.2.2
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe





---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:          9:54:01 AM, 6/30/2005
 + Report-Checksum:     F6D6FFC

 + Scan result:

    :mozilla.14:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Atdmt
    :mozilla.25:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Adjuggler
    :mozilla.26:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.27:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.28:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.29:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.30:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.31:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.32:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.33:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Advertising
    :mozilla.35:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Zedo
    :mozilla.40:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Zedo
    :mozilla.41:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Zedo
    :mozilla.45:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Doubleclick
    :mozilla.46:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Viewpoint
    :mozilla.48:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Ru4
    :mozilla.49:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Ru4
    :mozilla.50:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Mediaplex
    :mozilla.51:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Bluestreak
    :mozilla.54:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Pointroll
    :mozilla.55:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Pointroll
    :mozilla.56:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Pointroll
    :mozilla.57:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Questionmarket
    :mozilla.71:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram
    :mozilla.73:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.74:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.75:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    :mozilla.76:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\ujdoam5u.default\cookies.txt -> Spyware.Cookie.Specificclick
    C:\Documents and Settings\Bryan\Cookies\bryan@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet
    C:\Documents and Settings\Bryan\Cookies\bryan@aimtoday.aol[1].txt -> Spyware.Cookie.Aol
    C:\Documents and Settings\Bryan\Cookies\bryan@btg.btgrab[2].txt -> Spyware.Cookie.Btgrab
    C:\Documents and Settings\Bryan\Cookies\bryan@cliks[2].txt -> Spyware.Cookie.Cliks
    C:\Documents and Settings\Bryan\Cookies\bryan@creativeby.viewpoint[1].txt -> Spyware.Cookie.Viewpoint
    C:\Documents and Settings\Bryan\Cookies\bryan@offeroptimizer[2].txt -> Spyware.Cookie.Offeroptimizer
    C:\Documents and Settings\Bryan\Cookies\bryan@perf.overture[1].txt -> Spyware.Cookie.Overture
    C:\Documents and Settings\Bryan\Cookies\bryan@rn11[2].txt -> Spyware.Cookie.Rn11
    C:\Documents and Settings\Bryan\Cookies\bryan@trafficmp[1].txt -> Spyware.Cookie.Trafficmp
    C:\Documents and Settings\Bryan\Cookies\bryan@trk.pcsecurityshield[2].txt -> Spyware.Cookie.Pcsecurityshield
    C:\Documents and Settings\Bryan\Cookies\bryan@www.pcsecurityshield[1].txt -> Spyware.Cookie.Pcsecurityshield
    C:\WINDOWS\vmithbmnj.exe -> Spyware.BetterInternet


::Report End

aurora and drpmon.dll problem

Recommended Answers Collapse Answers

All 19 Replies

Recommended Answers