Topic: AIM Virus
SteveSharp
« on: October 12, 2005, 06:46:48 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



My son has picked up an AIM virus.  It has disabled his Norton Antivirus software.  I don't know the name of the virus, but one of the objects it has created is lock1.exe.
I have read on here, something about HijackThis software that could give you more info, but don't have that.  Please advise.


Logged

 
Pancake
« Reply #1 on: October 13, 2005, 01:04:27 AM »

Please download HijackThis. It will create a directory folder for you. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help determine what, if any, spyware/malware is on your computer.
Logged

An Australian Member of

EDDY
SteveSharp
« Reply #2 on: October 13, 2005, 02:46:26 PM »

Logfile of HijackThis v1.99.1
Scan saved at 7:42:57 AM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\InetGet\Adperform180safull.exe
C:\WINDOWS\etb\pokapoka75.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\1124366379\ee\AOLHostManager.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\AOL\1124366379\ee\AOLServiceHost.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.myseachexplorer.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myseachexplorer.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myseachexplorer.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myseachexplorer.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124366379\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [strtas] lock1.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\InetGet\Adperform180safull.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\RunServices: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKLM\..\RunServices: [strtas] lock1.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKCU\..\Run: [strtas] lock1.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-67-525-0000166.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-67-525-0000166.exe
O4 - HKCU\..\RunServices: [Aol Instant Messenger Fix] aolfix.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.zango.com/GetZango/Download/zangoax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49DE14F7-E079-4F4B-9821-0900DEF89AAB}: NameServer = 192.168.0.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
Logged
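
Added example, not part of the original thread: a small Python triage pass over a HijackThis log in the format posted in Reply #2, flagging autorun values with no directory path, value names registered under several Run keys, services whose file is missing, and core Windows process names outside system32. The rule names, function names and the SYSTEM32_NAMES list are assumptions of this example, the sample lines are excerpted from the log above, and a flag is a lead to check, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: HIVE\..\Key: [value name] command line
O4_REG_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O23 services: Service: display name - owner - image path
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Program part of a command line, quoted or not (unquoted paths may hold spaces)
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|com|bat|cmd|scr|pif))\b', re.I)

# Assumption of this example: XP core processes that normally load from system32
SYSTEM32_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "spoolsv.exe"}

# Excerpt of the HijackThis log posted in Reply #2
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [strtas] lock1.exe
O4 - HKLM\..\RunServices: [strtas] lock1.exe
O4 - HKCU\..\Run: [strtas] lock1.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
"""


def program_of(command):
    """Return the executable part of a command line, without its arguments."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.split()[0]


def misplaced_system_name(path):
    """True if a core process name is used with a folder other than system32."""
    folder, name = ntpath.dirname(path), ntpath.basename(path)
    return (bool(folder) and name.lower() in SYSTEM32_NAMES
            and not folder.lower().endswith("\\system32"))


def triage(log_text):
    """Return (rule, subject, detail) tuples for entries worth a closer look."""
    findings = []
    keys_by_value = defaultdict(set)  # autorun value name -> registry keys using it
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        code, body = line.group("code"), line.group("body")
        if code == "O4":
            reg = O4_REG_RE.match(body)
            if not reg:
                continue  # Startup-folder shortcuts use another layout; skipped here
            where = reg.group("hive") + "\\" + reg.group("key")
            subject = f"{where} [{reg.group('name')}]"
            exe = program_of(reg.group("cmd"))
            keys_by_value[reg.group("name")].add(where)
            if not ntpath.dirname(exe):
                # No folder given: Windows resolves the name through its search path
                findings.append(("bare-autorun", subject, exe))
            if misplaced_system_name(exe):
                findings.append(("system-name-wrong-dir", subject, exe))
        elif code == "O23":
            svc = O23_RE.match(body)
            if not svc:
                continue
            path = svc.group("path")
            exe = program_of(path)
            if path.endswith("(file missing)"):
                findings.append(("file-missing", svc.group("name"), exe))
            if misplaced_system_name(exe):
                findings.append(("system-name-wrong-dir", svc.group("name"), exe))
    for name, keys in sorted(keys_by_value.items()):
        if len(keys) > 1:
            findings.append(("multi-key-autorun", name, ", ".join(sorted(keys))))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {subject:34} {detail}")
```

The bare-autorun rule also flags the nForce tray entry, which is why each flag still needs a manual look before anything is fixed.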

 
SteveSharp
« Reply #3 on: October 16, 2005, 10:35:29 PM »

Hello anyone, still waiting on an answer.
Logged

 
Pancake
« Reply #4 on: October 18, 2005, 02:55:46 AM »

Whoops... sorry. I forgot to subscribe to the topic.

Let's get all this nicely cleaned first.

Please download Ewido Security Suite and do a scan when you first get into Safe Mode.

Please start by putting your computer in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run HJT.

Install Ewido Security Suite.
When installing, under 'Additional Options' uncheck: "Install background guard" and "Install scan via context menu".

To open the main screen, double click the icon on the desktop.

You will get a warning 'Database could not be found!' (only if no updates have first been installed). Click OK.

Update to the latest definition files. On the left of the main screen click Update. Then click on Start Update. Let it complete the updates.

Now click on Scanner and click on Complete System Scan and the scan will start.

During some scans it may find cases of false positives so you will need to step through the process of cleaning files one-by-one.

If a file is detected you KNOW to be legitimate, select None as the action. Do NOT select 'Perform action on all infections'.

If you are unsure of any entry found, play safe and select None as the action.
Press the button marked Save Report.

Save the report .txt file to your desktop or somewhere you can find it. Post it back with your next HJT log.

« Last Edit: October 18, 2005, 02:57:39 AM by Pancake » Logged

An Australian Member of

EDDY
SteveSharp
« Reply #5 on: October 19, 2005, 01:59:03 AM »

HJT
Logfile of HijackThis v1.99.1
Scan saved at 6:45:37 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Internet Explorer Web Content Catcher  - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124366379\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\InetGet\Adperform180safull.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\RunServices: [Aol Instant Messenger Fix] aolfix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{49DE14F7-E079-4F4B-9821-0900DEF89AAB}: NameServer = 192.168.0.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         6:41:47 PM, 10/18/2005
 + Report-Checksum:      F89C7453

 + Scan result:

   HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID\\ -> Spyware.Zango : Cleaned with backup
   HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1\CLSID\\ -> Spyware.Zango : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Wbho.Band\CLSID\\ -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Wbho.Band.1 -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Wbho.Band.1\CLSID\\ -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Cleaned with backup
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\LocalService\Cookies\system@www.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\X7ZIJKUM\nem220[1].dll -> TrojanDownloader.Dyfuca : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.18:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.22:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.23:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.27:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.42:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.43:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.44:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.45:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.46:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.47:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.48:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.49:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.50:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.53:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.54:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.55:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.57:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.59:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.60:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.61:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.62:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.63:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.64:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
   :mozilla.78:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.80:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.81:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.85:C:\Documents and Settings\Taylor\Application Data\Mozilla\Firefox\Profiles\aj5hiiea.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Taylor\Cookies\taylor@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Taylor\Cookies\taylor@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Taylor\Cookies\taylor@ad.yieldmanager[3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Taylor\Cookies\taylor@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
   C:\Documents and Settings\Taylor\Cookies\taylor@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
   C:\Documents and Settings\Taylor\Cookies\taylor@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   C:\Documents and Settings\Taylor\Cookies\taylor@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Taylor\Cookies\taylor@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\drp1.tmp\thnall5c.exe -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\drp10A.tmp\thnall5c.exe -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\drp243.tmp\thnall5c.exe -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\drp2FE.tmp\thnall5c.exe -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\drp3A1.tmp\thnall5c.exe -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\drp548.tmp\thnall5c.exe -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\drp629.tmp\thnall5c.exe -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\DrTemp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\DrTemp\ceres.dll -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\nst7.EXE -> Spyware.SmartPops : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\res11.tmp -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\res3A3.tmp/clientax.dll -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\res3A3.tmp/clientax.dll -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\res3A5.tmp -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\res3D.tmp -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\res401.tmp/clientax.dll -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\res401.tmp/clientax.dll -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\res411.tmp/clientax.dll -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\res411.tmp/clientax.dll -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\res422.tmp/clientax.dll -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\res422.tmp/clientax.dll -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\Taylor\Local Settings\Temp\wupdt.exe -> TrojanDownloader.Intexp.c : Cleaned with backup
   C:\Documents and Settings\Taylor\msdirectx.sys -> Trojan.Rootkit.h : Cleaned with backup
   C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
   C:\Program Files\CDM\gwkvhxlbyy.dll -> Spyware.SmartPops : Cleaned with backup
   C:\Program Files\CDM\gwkvhxlbyy.exe -> Spyware.SmartPops : Cleaned with backup
   C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
   C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
   C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
   C:\Program Files\DNS\gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
   C:\Program Files\InetGet\Adperform180safull.exe -> Spyware.WinAD : Cleaned with backup
   C:\Program Files\SurfSideKick 3\Ssk.exe -> Spyware.SurfSide : Cleaned with backup
   C:\Program Files\SurfSideKick 3\SskBho.dll -> Spyware.SurfSide : Cleaned with backup
   C:\Program Files\SurfSideKick 3\SskCore.dll -> Spyware.SurfSide : Cleaned with backup
   C:\Program Files\Zango Games\AirHockey\ZangoInstaller.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
   C:\Program Files\Zango Games\AirHockey\ZangoInstaller.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
   C:\Program Files\Zango Games\Foosball\ZangoInstaller.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
   C:\Program Files\Zango Games\Foosball\ZangoInstaller.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
   C:\Program Files\ZangoClient\zanu.exe -> Spyware.180Solutions : Cleaned with backup
   C:\Program Files\ZangoClient\zanuhook.dll -> Spyware.180Solutions : Cleaned with backup
   C:\temp\180SAInstaller.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
   C:\temp\180SAInstaller.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
   C:\WINDOWS\7p4etpsr.exe -> Adware.SAHA : Cleaned with backup
   C:\WINDOWS\Buddy.exe -> Adware.BetterInternet : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Spyware.180Solutions : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
   C:\WINDOWS\SSK3_B5.exe -> TrojanDropper.Small.qn : Cleaned with backup
   C:\WINDOWS\system32\31l42m57.exe -> Adware.SAHA : Cleaned with backup
   C:\WINDOWS\system32\9h14jge4.exe -> Adware.SAHA : Cleaned with backup
   C:\WINDOWS\system32\cjjzxfko.exe -> Trojan.Agent.ay : Cleaned with backup
   C:\WINDOWS\tct101.dll -> TrojanDownloader.Dyfuca.eg : Cleaned with backup
   C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c : Cleaned with backup
   C:\WINDOWS\Temp\180sainstaller.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
   C:\WINDOWS\Temp\180sainstaller.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
   C:\WINDOWS\Temp\Del1C.tmp -> Spyware.180Solutions : Cleaned with backup
   C:\WINDOWS\Temp\DelD.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
   C:\WINDOWS\Temp\DrTemp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup
   C:\WINDOWS\Temp\DrTemp\ceres.dll -> Adware.BetterInternet : Cleaned with backup
   C:\WINDOWS\Temp\i3.tmp -> Spyware.SurfSide : Cleaned with backup
   C:\WINDOWS\Temp\resE.tmp -> Spyware.180Solutions : Cleaned with backup


::Report End

 
Pancake
« Reply #6 on: October 19, 2005, 02:35:19 AM »

Hi.
This should complete the cleanup.

It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order they are listed. Please keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Double-click My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------


Folders that have been highlighted RED will need to be uninstalled.
-----------------------------------------------------------------------



Please start by putting your computer in SAFE MODE.  During reboot, tap the F8 key. Select Safe Mode and then run HJT.
--------------------------------------------------------------


Uninstall the following programs (if they still exist). Go into HijackThis->Config->Misc. Tools->Open Uninstall manager.

etb
InetGet
DNS

-----------------------------------------------------------------



Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\InetGet\Adperform180safull.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe




 ---------------------------------------------------------------------------
Open Windows Explorer and delete the following highlighted file/s (or delete the whole folder (Red) if no specific file is given)

C:\WINDOWS\etb
C:\Program Files\InetGet
C:\Program Files\DNS
------------------------------------------------------------------------

Restart your computer and post a new HijackThis log

SteveSharp
« Reply #7 on: October 19, 2005, 03:09:49 AM »

Logfile of HijackThis v1.99.1
Scan saved at 8:07:32 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\etb\pokapoka76.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Common Files\AOL\1124366379\ee\AOLHostManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Common Files\AOL\1124366379\ee\AOLServiceHost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.eza1netsearch.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eza1netsearch.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Internet Explorer Web Content Catcher  - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124366379\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\InetGet\Adperform180safull.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKLM\..\RunServices: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-67-525-0000166.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-67-525-0000166.exe
O4 - HKCU\..\RunServices: [Aol Instant Messenger Fix] aolfix.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{49DE14F7-E079-4F4B-9821-0900DEF89AAB}: NameServer = 192.168.0.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


 
Pancake
« Reply #8 on: October 19, 2005, 03:46:50 AM »

Hi. Seems some failed to clean last time. This should be the last of them.

It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order they are listed. Please keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Double-click My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

Files highlighted in BLACK will need to be removed from your hard drive.
Folders that have been highlighted RED will need to be uninstalled.
-----------------------------------------------------------------------
Uninstall the following programs (if they still exist). Go into HijackThis->Config->Misc. Tools->Open Uninstall manager.

AWS

--------------------------------------------------------------------------

Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click End Process for each one if they are still listed.

services32.exe
mc-67-525-0000166.exe
pokapoka76.exe
pokapoka75.exe

-----------------------------------------------------------------


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.eza1netsearch.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eza1netsearch.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\InetGet\Adperform180safull.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-67-525-0000166.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-67-525-0000166.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)



 ---------------------------------------------------------------------------
Open Windows Explorer and delete the following highlighted file/s (or delete the whole folder (Red) if no specific file is given)


C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Common Files\Windows\mc-67-525-0000166.exe
C:\WINDOWS\etb\pokapoka76.exe
C:\WINDOWS\etb\pokapoka75.exe
C:\Program Files\InetGet\Adperform180safull.exe
C:\Program Files\InetGet
C:\PROGRAM FILES\AWS
C:\WINDOWS\etb
------------------------------------------------------------------------

 
Restart your computer and post a new HijackThis log

SteveSharp
« Reply #9 on: October 19, 2005, 04:38:11 AM »

I followed the instructions in order.
When I got to End Process for pokapoka76.exe, I ran into a problem.
I would kill the process and it would come right back, the process number on the far left side would change, but the process would not go away....

Therefore, I could not delete C:\Windows\etb\pokapoka76.exe or C:\Windows\etb

Here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:31:57 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\etb\pokapoka76.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.esearch2005.com/sp2.php
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Internet Explorer Web Content Catcher  - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124366379\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKLM\..\RunServices: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKCU\..\RunServices: [Aol Instant Messenger Fix] aolfix.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{49DE14F7-E079-4F4B-9821-0900DEF89AAB}: NameServer = 192.168.0.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
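
Each round in this thread ends with a fresh log being compared by eye against the previous fix list. The Python below is an added example (not part of the original posts, and not HijackThis code) that does that comparison over excerpts of the Reply #6/#8 fix items and the Reply #9 log; the function names and the three status labels are assumptions of the example.

```python
import re

# Excerpts copied from this thread and trimmed: fix items requested in
# Replies #6 and #8, then part of the follow-up log posted in Reply #9.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eza1netsearch.com/sp2.php
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\InetGet\Adperform180safull.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-67-525-0000166.exe
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
"""

FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:31:57 PM, on 10/18/2005

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\etb\pokapoka76.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.esearch2005.com/sp2.php
O2 - BHO: Internet Explorer Web Content Catcher  - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "R1 - ...", "O23 - ..."


def norm(text):
    """Collapse whitespace runs and case so cosmetic differences cannot hide a match."""
    return re.sub(r"\s+", " ", text).strip().lower()


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def entry_key(code, body):
    """Identify where an entry lives, ignoring the data currently stored there."""
    if code.startswith("R") and " = " in body:
        # R0/R1 are both IE registry values; the key is the part before " = "
        return norm(code[0] + " " + body.split(" = ", 1)[0])
    if code == "O4":
        named = re.match(r"(.*?\[[^\]]*\])", body)  # "HKLM\..\Run: [name]"
        if named:
            return norm(code + " " + named.group(1))
    return norm(code + " " + body)


def check_fixes(fix_text, followup_text):
    """Classify each requested fix as removed, still present or value changed."""
    _, wanted = parse_log(fix_text)
    procs, found = parse_log(followup_text)
    exact = {norm(code + " " + body) for code, body in found}
    by_key = {entry_key(code, body): body for code, body in found}
    running = [norm(p) for p in procs]
    report = []
    for code, body in wanted:
        key = entry_key(code, body)
        if norm(code + " " + body) in exact:
            status = "still present"
        elif key in by_key:
            status = "value changed"  # same location, different data
        else:
            status = "removed"
        # An autorun whose target also appears in the process list is live now.
        live = code == "O4" and any(p in norm(body) for p in running)
        report.append({"entry": f"{code} - {body}", "status": status,
                       "running": live, "now": by_key.get(key)})
    return report


if __name__ == "__main__":
    for row in check_fixes(FIX_LIST, FOLLOWUP_LOG):
        flag = " (process running)" if row["running"] else ""
        print(f'{row["status"]:<14}{flag} {row["entry"]}')
```

On these excerpts the BHO line is reported as still present even though the log prints it with two spaces before the CLSID, and the search settings show as changed rather than removed because the same registry values now hold a different URL.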


 
Pancake
« Reply #10 on: October 19, 2005, 05:33:47 AM »

If we can't kill it one way we will kill it this way...

Download KillBox. Paste the full file path in the box and click on "Delete on Reboot". Next click on the button with the red circle and an X in the middle. You will get a message saying "File will be deleted on next reboot, Process and Reboot now?" Click "Yes" and post a new log when you have rebooted.

C:\WINDOWS\etb\pokapoka76.exe

Also run HJT and fix this item.
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll

SteveSharp
« Reply #11 on: October 19, 2005, 05:49:36 AM »

Here it is....

Logfile of HijackThis v1.99.1
Scan saved at 10:47:17 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Common Files\AOL\1124366379\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124366379\ee\AOLServiceHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.esearch2005.com/sp2.php
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124366379\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKLM\..\RunServices: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKCU\..\RunServices: [Aol Instant Messenger Fix] aolfix.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{49DE14F7-E079-4F4B-9821-0900DEF89AAB}: NameServer = 192.168.0.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

Pancake
« Reply #12 on: October 19, 2005, 06:00:49 AM »

If this can be removed from the HJT log that should be it...

O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe

and also remove these...

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.esearch2005.com/sp2.php
« Last Edit: October 19, 2005, 06:02:22 AM by Pancake »

An Australian Member of

EDDY
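
The by-eye triage in the reply above can be approximated in code. This is an added example, not part of the original thread and not HijackThis's own logic: it parses O4 (autorun) and O23 (service) lines copied from the logs in this thread and flags entries for manual review. The function names and the three heuristics are assumptions of this example, and a flag is a prompt to look closer, not a verdict.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS
# Constructed sample: O4/O23 lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
"""
WINDIR, SYSTEM32 = r"c:\windows", r"c:\windows\system32"
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "services.exe", "winlogon.exe"}

def exe_of(command):  # executable of an autorun command, arguments dropped
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', command, re.I)
    return (m.group(1) or m.group(2)) if m else command

def path_flags(path):
    """Heuristics chosen for this example; a flag means 'look closer', not 'malware'."""
    folder, name, flags = dirname(path).lower(), basename(path).lower(), []
    if not folder:
        flags.append("no directory given")  # resolved via the search path
    elif (folder + "\\").startswith(WINDIR + "\\") and not folder.startswith(SYSTEM32):
        flags.append("under WINDOWS but outside system32")
    if name in SYSTEM_NAMES and folder != SYSTEM32:
        flags.append("system process name outside system32")
    return flags

def triage(log):
    """Return [(path, [flags])] for O4 autoruns and O23 services worth reviewing."""
    findings = []
    for line in map(str.strip, log.splitlines()):
        extra = []
        if m := re.match(r"O4 - HK\S+: \[.+?\] (.+)", line):
            path = exe_of(m.group(1))
        elif line.startswith("O23 - Service:"):
            path = line.rsplit(" - ", 1)[1]
            if path.endswith(" (file missing)"):
                path, extra = path[: -len(" (file missing)")], ["file missing"]
        else:
            continue
        if flags := path_flags(path) + extra:
            findings.append((path, flags))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A bare file name such as the `sstray.exe` entry is flagged by the same rule as `aolfix.exe`, which is why the output is a review queue rather than a removal list.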
SteveSharp
« Reply #13 on: October 19, 2005, 06:09:00 AM »

Yes, I removed it with HJT.
Thanks so much....
I will be sending a donation to this organization.

One more thing, is Norton inept, and should I be using someone else's Virus protection?

Here is the log....
Logfile of HijackThis v1.99.1
Scan saved at 11:04:48 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Common Files\AOL\1124366379\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124366379\ee\AOLServiceHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.esearch2005.com/sp2.php
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124366379\ee\AOLHostManager.exe
O4 - HKLM\..\RunServices: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Aol Instant Messenger Fix] aolfix.exe
O4 - HKCU\..\RunServices: [Aol Instant Messenger Fix] aolfix.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{49DE14F7-E079-4F4B-9821-0900DEF89AAB}: NameServer = 192.168.0.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


Pancake
« Reply #14 on: October 19, 2005, 06:12:23 AM »

If the above fails to work (and knowing my luck today, it will ;D)

Please download miekiemoes' LQfix.exe and place it on your desktop.
Double-click LQfix.exe and click install.
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.

An Australian Member of

EDDY