Your Java application is out of date and causes a slight security risk as a result.
Please follow these steps to remove older version Java components
1. Close any open programs you may have running, especially your web browser.
2. Click Start-->Control Panel-->Add or Remove Programs.
For those just reading this thread: Depending on your OS, you may have to click Start-->Settings-->Control Panel-->Add or Remove Programs.
3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.
Not every version of Java will begin with "Java" so be sure to read each entry in the list. Repeat step 3 as many times as necessary to remove all versions of Java.
**If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.
4. Navigate to and delete:
C:\Program Files\Java = this folder if found
5. Then go to this page.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications" and click the "Download" button to the right.
6. Check the box that says: "Accept License Agreement"
the page will refresh and click on the link to download Windows Offline Installation with or without Multi-language. Save it to your desktop.
Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
Run hijackthis again and check the following:
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
Close all windows except for hijackthis, then click Fix Checked.
Reboot and post a new log. May I ask what part of the globe you are from?
Hi, thanks for helping. I'm from Romania.
Done everything you said but in "add/remove programs" I could find only one "Java" entry. Maybe it's important, that's why I mentioned it. Anyway the problems are still there but finally I could close quickly some of IE windows that are popping up when I press a link to a thread (for example) and I could see where are redirecting me. It's a google search http://www.google.com/search?hl=en&q=julissa+thecenter+bet and from what I saw I think that there aren't all the same.
Logfile of HijackThis v1.99.1
Scan saved at 11:35:11, on 07.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
When the installation completes successfully, reboot the computer.
Download and scan with AVG Anti-Spyware v7.5
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware)
After download, double click on the file to launch the install process.
Choose a language, click "OK" and then click "Next".
After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
Go to Start > Run and type:
services.msc
Press "OK".
Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
When you find the guard service, double-click on it.
In the Properties Window > General Tab that opens, click the "Stop" button.
From the drop-down menu next to "Startup Type", click on "Manual".
Now click "Apply", then "OK" and close the Services window.
Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
Once the updates are installed do the following:
Click on the "Scanner" button and choose the "Settings" tab.
Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
Under "How to Scan?" check all (default).
Under "Possibly unwanted software" check all (default).
Under "What to Scan?" make sure "Scan every file" is selected (default).
Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
Close the application and reboot the computer into Safe mode. Once in safe mode continue with the instructions below:
Open the AVG Anti-Spyware application and click the "Scan" tab.
Click "Complete System Scan" to start.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.
If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
Exit AVG Anti-Spyware when done.
Please run HijackThis again and check the following:
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
Close all windows except for HijackThis then click Fix Checked.
Locate and delete the following file if still present on your system:
C:\WINDOWS\system32\ipv6mons.dll
Reboot back to your normal user mode.
Please perform this online scan: F-Secure Online Scanner Next Generation Beta
1. Click on the link "F-Secure Online Scanner Next Generation Beta".
2. You may receive an alert on the address bar at this point to install the ActiveX control.
3. Click on that alert and then click Install ActiveX component.
4. Read the license agreement and click "Accept".
5. Click "Custom Scan" and be sure the following are checked:
Scan whole System
Scan all files
Scan whole system for rootkits
Scan whole system for spyware
Scan inside archives
Use advanced heuristics
6. When the scan completes, click the "I want to decide item by item" button.
7. For each item found, select "Disinfect" and click "Next".
8. When done, click the "Show Report" button, then copy and paste the entire report into your next reply along with the log from your AVG Anti-spyware scan and a fresh HijackThis log. Thanks!
Quote: Weird last line from the online scan, tried to refresh but still the same error.
...what error? Did the scan not complete for you? If you received an error, please post exactly what the error message said.
Quote: The only thing that I couldn't do as written was to stop AVG to start at startup. When right-clicking on tray that option was unbolded, so I couldn't click it.
Were you logged on as "Administrator"?
Logfile of HijackThis v1.99.1
Scan saved at 22:30:36, on 08.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Weird last line from the online scan, tried to refresh but still the same error.
The only thing that I couldn't do as written was to stop AVG to start at startup. When right-clicking on tray that option was unbolded, so I couldn't click it.
Thanks
Result: 9 malware found
Java/Byteverify.J (virus)
C:\Documents and Settings\n\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-453fec19-643edbbe.zip\Dummy.class
Stealth_file (hidden item)
C:\WINDOWS\system32\dmiyw.exe (Submitted)
C:\WINDOWS\system32\dmxxq.exe
C:\WINDOWS\system32\cslza.exe (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
Yes, I only have one account on PC.
"Resident shield" and "automatic updates" are also not available from tray.
Looks like the pop-ups are gone (even if I didn't use so much IE till now 'cause it took about 6 hours to do that online scan and I was afraid not to freeze), but my google searches are still redirected sometimes to "wordsea.com", "weddingcamerasplace.com" and a few other weird sites. And only when using IE.
Message Edited by petrica moise on 11-08-2006 06:03 PM
Open your AVG Anti-Spyware application. Click the Analysis icon from the menu at the top of the application. Click the Autostart tab. Find AVG Antispyware in the list and click it to highlight it. Click the Delete selected items button at the bottom of the application. Close AVG Anti-Spyware and reboot. See if AVG Anti-Spyware no longer runs in the system tray at startup.
Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the "Internet Explorer" section.
*Note* Checking "Cookies" will remove problem spyware cookies and help to speed up other spyware/adware/malware scans. This will mean however, the next time you click on a web page where you have signed in before, you will have to re-enter your user I.D. and password.
Clean all the entries in the "Windows Explorer" section. Clean all entries in the "System" section. Clean all entries in the "Advanced" section. Clean any others that you choose.
In the Applications Tab:
Clean all in the Firefox/Mozilla section if you use it. Clean all in the Opera section if you use it. Clean Sun Java in the Internet Section. Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
Update your on board Kaspersky Antivirus application. Reboot the computer into Safe mode. Once in safe mode, open Kaspersky antivirus and run a complete system scan. Allow the application to quarantine whatever it finds.
Next, please run hijackthis again and check the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://.rd.yahoo.com/customize/ycomp/defaults/sb/*http://.docs.yahoo.com/info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://.rd.yahoo.com/customize/ycomp/defaults/sp/*http://.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://.rd.yahoo.com/customize/ycomp/defaults/su/*http://.yahoo.com
Close all windows now except for the hijackthis application window. Click Remove. Reboot back to your normal user mode.
Open I.E. and re-set your home page to Yahoo.com...try a search or two and see if you still get redirected.
Post back a new HijackThis log and advise how the computer is running now. Thanks!
1972vet
3.3K Posts
0
November 7th, 2006 00:00
Please follow these steps to remove older version Java components
1. Close any open programs you may have running, especially your web browser.
2. Click Start-->Control Panel-->Add or Remove Programs.
For those just reading this thread:
Depending on your OS, you may have to click Start-->Settings-->Control Panel-->Add or Remove Programs.
3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.
Not every version of Java will begin with "Java" so be sure to read each entry in the list.
Repeat step 3 as many times as necessary to remove all versions of Java.
**If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.
4. Navigate to and delete:
- C:\Program Files\Java = this folder if found
5. Then go to this page. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications" and click the "Download" button to the right.
6. Check the box that says: "Accept License Agreement" the page will refresh and click on the link to download Windows Offline Installation with or without Multi-language. Save it to your desktop.
Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
Run hijackthis again and check the following:
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
Close all windows except for hijackthis, then click Fix Checked.
Reboot and post a new log. May I ask what part of the globe you are from?
petrica moise
8 Posts
0
November 7th, 2006 07:00
Done everything you said but in "add/remove programs" I could find only one "Java" entry. Maybe it's important, that's why I mentioned it. Anyway the problems are still there but finally I could close quickly some of IE windows that are popping up when I press a link to a thread (for example) and I could see where are redirecting me. It's a google search http://www.google.com/search?hl=en&q=julissa+thecenter+bet and from what I saw I think that there aren't all the same.
Logfile of HijackThis v1.99.1
Scan saved at 11:35:11, on 07.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://.rd.yahoo.com/customize/ycomp/defaults/sb/*http://.docs.yahoo.com/info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://.rd.yahoo.com/customize/ycomp/defaults/sp/*http://.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://.rd.yahoo.com/customize/ycomp/defaults/su/*http://.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: desktop(2).ini
O4 - Startup: rds.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BAC2244-6446-47FC-BC05-C111CE9FAA21}: NameServer = 193.231.233.29 193.231.233.29
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Message Edited by petrica moise on 11-07-2006 03:43 AM
1972vet
3.3K Posts
0
November 7th, 2006 11:00
First let's make sure you can view all files:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Please select and install one of these free Firewall applications:
ZoneAlarm Free Version
Outpost Free
Kerio
When the installation completes successfully, reboot the computer.
Download and scan with AVG Anti-Spyware v7.5
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware)
- After download, double click on the file to launch the install process.
- Choose a language, click "OK" and then click "Next".
- Read the "License Agreement" and click "I Agree".
- Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
- After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
- The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
- Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
Go to Start > Run and type: services.msc
Once the updates are installed do the following:
Click on the "Scanner" button and choose the "Settings" tab.
Close the application and reboot the computer into Safe mode. Once in safe mode continue with the instructions below:
Open the AVG Anti-Spyware application and click the "Scan" tab.
Click "Complete System Scan" to start.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
- Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.
- If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
Exit AVG Anti-Spyware when done.
Please run HijackThis again and check the following:
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
Close all windows except for HijackThis then click Fix Checked.
Locate and delete the following file if still present on your system:
C:\WINDOWS\system32\ipv6mons.dll
Reboot back to your normal user mode.
Please perform this online scan: F-Secure Online Scanner Next Generation Beta
1. Click on the link "F-Secure Online Scanner Next Generation Beta".
2. You may receive an alert on the address bar at this point to install the ActiveX control.
3. Click on that alert and then click Install ActiveX component.
4. Read the license agreement and click "Accept".
5. Click "Custom Scan" and be sure the following are checked:
- Scan whole System
- Scan all files
- Scan whole system for rootkits
- Scan whole system for spyware
- Scan inside archives
- Use advanced heuristics
6. When the scan completes, click the "I want to decide item by item" button.
7. For each item found, select "Disinfect" and click "Next".
8. When done, click the " Show Report" button, then copy and paste the entire report into your next reply along with the log from your AVG Anti-spyware scan and a fresh HijackThis log. Thanks!
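The two HijackThis logs posted in this thread can be compared by script. The Python below is an added example, not part of the original posts and not HijackThis' own logic: it parses entry lines, flags unnamed Internet Explorer add-ons loaded from system32 (the pattern of the ipv6mons.dll entry selected above) and entries marked "(file missing)", and lists what changed between two logs. The flagging rules and all function names are assumptions for illustration; the sample lines are excerpts from the logs in this thread.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional, Tuple

# Excerpts from the two logs posted in this thread (07.11.2006 and 08.11.2006).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:35:11, on 07.11.2006
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
"""
LOG_AFTER = r"""
Scan saved at 22:30:36, on 08.11.2006
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
"""


class Entry(NamedTuple):
    code: str              # section code, e.g. "O2"
    text: str              # the full line as logged
    name: Optional[str]    # add-on display name, if the line has one
    clsid: Optional[str]
    path: Optional[str]    # file the entry points at, if any
    file_missing: bool


ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
ADDON_RE = re.compile(
    r"^(?:BHO|Toolbar|Extra button|Extra 'Tools' menuitem): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
ADDON_CODES = {"O2", "O3", "O9"}   # BHOs, toolbars, extra buttons/menu items
MISSING = "(file missing)"


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a log; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        name = clsid = path = None
        addon = ADDON_RE.match(body)
        if addon:
            name, clsid, path = addon.group("name", "clsid", "path")
        else:
            tail = body.rsplit(" - ", 1)[-1]
            if DRIVE_PATH_RE.match(tail):
                path = tail
        entries.append(Entry(code, line, name, clsid, path, missing))
    return entries


def in_system32(path: str) -> bool:
    """True if the file sits directly in <anything>\\WINDOWS\\system32."""
    parent = PureWindowsPath(path).parent.parts[-2:]
    return [p.lower() for p in parent] == ["windows", "system32"]


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Assumed review rules: items for a human to look at, not verdicts."""
    findings = []
    for e in entries:
        if (e.code in ADDON_CODES and e.name == "(no name)"
                and e.path and in_system32(e.path)):
            findings.append((e, "unnamed IE add-on loaded from system32"))
        if e.file_missing:
            findings.append((e, "registered, but the file is missing on disk"))
    return findings


def diff_logs(before: List[Entry], after: List[Entry]):
    """Entries that disappeared from, or appeared in, the later log."""
    old, new = {e.text for e in before}, {e.text for e in after}
    removed = [e for e in before if e.text not in new]
    added = [e for e in after if e.text not in old]
    return removed, added


if __name__ == "__main__":
    first, second = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for entry, reason in triage(first):
        print(f"REVIEW [{entry.code}] {reason}: {entry.path}")
    removed, added = diff_logs(first, second)
    for e in removed:
        print("GONE ", e.text)
    for e in added:
        print("NEW  ", e.text)
```

The unnamed Java button entry is not flagged because its module lives under Program Files, which shows why the rule checks the name and the location together.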
1972vet
3.3K Posts
0
November 8th, 2006 18:00
Weird last line from the online scan, tried to refresh but still the same error.
...what error? Did the scan not complete for you? If you received an error, please post exactly what the error message said.
The only thing that I couldn't do as written was to stop AVG to start at startup. When right-clicking on tray that option was unbolded, so I couldn't click it.
Were you logged on as "Administrator"?
petrica moise
8 Posts
0
November 8th, 2006 18:00
Scan saved at 22:30:36, on 08.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\n\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\n\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://.rd.yahoo.com/customize/ycomp/defaults/sb/*http://.docs.yahoo.com/info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://.rd.yahoo.com/customize/ycomp/defaults/sp/*http://.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://.rd.yahoo.com/customize/ycomp/defaults/su/*http://.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: desktop(2).ini
O4 - Startup: rds.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BAC2244-6446-47FC-BC05-C111CE9FAA21}: NameServer = 193.231.233.29 193.231.233.29
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
petrica moise
8 Posts
0
November 8th, 2006 18:00
The only thing that I couldn't do as written was to stop AVG to start at startup. When right-clicking on tray that option was unbolded, so I couldn't click it.
Thanks
petrica moise
8 Posts
0
November 8th, 2006 18:00
C:\Documents and Settings\n\Cookies\n@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.88:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\n\Cookies\n@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.124:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.125:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\n\Cookies\n@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.426:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.427:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.429:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.130:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.68:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\n\Cookies\n@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.118:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.281:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.282:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.354:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.355:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.356:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
C:\Documents and Settings\n\Cookies\n@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.172:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.173:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.174:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.175:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.176:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.177:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.284:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.285:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.286:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.257:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.258:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.259:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.260:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.100:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.101:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.102:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.41:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.78:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.80:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.81:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.82:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.83:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.84:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.85:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.86:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.87:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.88:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.89:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.90:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.91:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.92:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.93:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.94:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.95:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.96:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.97:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.98:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.99:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\n\Cookies\n@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.119:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.120:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.121:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.122:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\n\Cookies\n@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\n\Cookies\n@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.346:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.347:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.18:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.217:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\n\Cookies\n@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.123:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.397:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\n\Cookies\n@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.66:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.67:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\n\Cookies\n@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\dmkux.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmlhz.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmmby.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmpwv.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmqsh.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmrsu.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmsqe.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmtzd.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmusf.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmyfv.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmzqw.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
::Report end
-----------------------
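An added example, not part of the thread and not code from AVG: a small parser for the AVG Anti-Spyware report line format shown in these posts. It separates the tracking-cookie entries from the file and memory detections, so the few executable findings are not buried in the cookie list. The sample lines are copied from the report above; treating the bracketed number on `VM_` lines as a process ID is an assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input: a handful of lines copied from the report posted in this thread.
SAMPLE_REPORT = r"""AVG Anti-Spyware - Scan Report
+ Created at: 13:43:54 08.11.2006
+ Scan result:
C:\Documents and Settings\n\Cookies\n@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.88:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.124:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
[208] VM_00DB0000 -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmkux.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmlhz.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\0JJJD5NK\SetupPoker[1].exe -> Adware.Casino : Cleaned with backup (quarantined).
::Report end
"""

# ":mozilla.<n>:<path>" marks one cookie record inside a Firefox cookie file.
FIREFOX_COOKIE = re.compile(r"^:mozilla\.(\d+):(.+)$")
# "[<n>] VM_<hex>" marks a detection in memory; <n> is assumed to be a process ID.
MEMORY_REGION = re.compile(r"^\[(\d+)\] (VM_[0-9A-Fa-f]+)$")


@dataclass
class Finding:
    target: str          # file path or memory region label
    detection: str       # e.g. "Trojan.Small.fb"
    action: str          # e.g. "Cleaned with backup (quarantined)"
    kind: str            # "cookie", "memory" or "file"
    pid: Optional[int] = None


def parse_line(line: str) -> Optional[Finding]:
    """Parse one '<target> -> <detection> : <action>.' line, or return None."""
    line = line.strip()
    if " -> " not in line:
        return None  # header, separator or "::Report end"
    target, _, verdict = line.rpartition(" -> ")
    detection, sep, action = verdict.partition(" : ")
    if not sep:
        return None
    action = action.rstrip(".")
    pid = None
    cookie = FIREFOX_COOKIE.match(target)
    memory = MEMORY_REGION.match(target)
    if cookie:
        target = cookie.group(2)  # drop the record-number prefix, keep the path
    if memory:
        pid, target, kind = int(memory.group(1)), memory.group(2), "memory"
    elif detection.startswith("TrackingCookie."):
        kind = "cookie"
    else:
        kind = "file"
    return Finding(target, detection, action, kind, pid)


def parse_report(text: str) -> list:
    """Return a Finding for every result line in the report text."""
    return [f for f in map(parse_line, text.splitlines()) if f is not None]


def triage(findings: list) -> dict:
    """Count cookie noise and group everything else by detection name."""
    cookies = [f for f in findings if f.kind == "cookie"]
    priority = defaultdict(list)
    for f in findings:
        if f.kind != "cookie":
            priority[f.detection].append(f)
    return {
        "cookie_count": len(cookies),
        "cookie_families": sorted({f.detection for f in cookies}),
        "priority": dict(priority),
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print(f"tracking cookies: {summary['cookie_count']} "
          f"({', '.join(summary['cookie_families'])})")
    for detection, items in sorted(summary["priority"].items()):
        print(f"{detection}: {len(items)}")
        for f in items:
            where = f"pid {f.pid} {f.target}" if f.kind == "memory" else f.target
            print(f"  {where} [{f.action}]")
```
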
petrica moise
8 Posts
0
November 8th, 2006 18:00
Wednesday, November 08, 2006 13:59:19 - 22:27:24
Computer name: NELU
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
--------------------------------------------------------------------------------
Result: 9 malware found
Java/Byteverify.J (virus)
C:\Documents and Settings\n\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-453fec19-643edbbe.zip\Dummy.class
Stealth_file (hidden item)
C:\WINDOWS\system32\dmiyw.exe (Submitted)
C:\WINDOWS\system32\dmxxq.exe
C:\WINDOWS\system32\cslza.exe (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 422134
System: 3746
Not scanned: 139
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 8
Submitted: 2
Files not scanned:
C:\DOCUMENTS AND SETTINGS\ALL USERS.LOG
C:\DOCUMENTS AND SETTINGS\DEFAULT USER.LOG
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOCUMENTS AND SETTINGS\N\NTUSER.DAT
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\Y5O1690X\urchin[56].js\urchin[56]
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\W9INERGX\SpeedyGonzales_220x220_SPA[1].swf\SpeedyGonzales_220x220_SPA[1]
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\UHDYJITS\tgp[1]\tgp[1]
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\REWBVLKP\snooker_en[1].swf\snooker_en[1]
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\M9LU7ADO\SpeedyGonzales_pl[1].swf\SpeedyGonzales_pl[1]
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\EDL2VA9C\forumdisplay[1].php\forumdisplay[1]
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\0XORO7KZ\sportsbook[1].css\sportsbook[1]
C:\DOCUMENTS AND SETTINGS\N\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_340.DAT
C:\DOCUMENTS AND SETTINGS\N\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BCAA6569.DEFAULT\CACHE\_CACHE_001_
C:\DOCUMENTS AND SETTINGS\N\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BCAA6569.DEFAULT\CACHE\_CACHE_002_
C:\DOCUMENTS AND SETTINGS\N\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BCAA6569.DEFAULT\CACHE\_CACHE_003_
C:\DOCUMENTS AND SETTINGS\N\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOCUMENTS AND SETTINGS\N\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BCAA6569.DEFAULT\PARENT.LOCK
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE.NT AUTHORITY\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE.NT AUTHORITY\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip\related.htm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LSA.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LSA1.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LSA2.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LSA3.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LSA4.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PSGuard.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyFalcon.zip\SpyFalcon 2.0.lnk
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyFalcon1.zip\SpyFalcon 2.0.lnk
------------------------------------------------
1972vet
3.3K Posts
0
November 8th, 2006 18:00
petrica moise
8 Posts
0
November 8th, 2006 18:00
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 13:43:54 08.11.2006
+ Scan result:
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\0JJJD5NK\SetupPoker[1].exe -> Adware.Casino : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\IH03I5Y5\SetupCasino[1].exe -> Adware.Casino : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\IH03I5Y5\commodore[1].exe -> Adware.Casino : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\KJJZ2OH5\SetupPoker[1].exe -> Adware.Casino : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\KRZFI4LL\SetupCasino[1].exe -> Adware.Casino : Cleaned with backup (quarantined).
[208] VM_00DB0000 -> Downloader.Agent.uj : Cleaned with backup (quarantined).
[232] VM_00C40000 -> Downloader.Agent.uj : Cleaned with backup (quarantined).
[736] VM_00A20000 -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\1KWZ59C1\BreakAwayCasino[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\IH03I5Y5\SailAwayCasino[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\IH03I5Y5\SmartDownload[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\KJJZ2OH5\SciFiCasino[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\KRZFI4LL\HamptonCasino[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\KRZFI4LL\PortofinoCasino[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\KRZFI4LL\SciFiCasino[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\ODYR85IR\smartdownload[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\OQBK523V\BreakAwayCasino[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\OQBK523V\BreakAwayCasino[2].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\OQBK523V\smartdownload[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.435:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\n\Cookies\n@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.115:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.116:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.117:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.118:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.132:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.283:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.38:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.39:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.40:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.41:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.42:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.42:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.43:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.44:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.44:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.45:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.45:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.46:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.47:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.48:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.49:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.50:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.51:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.52:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.53:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.54:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.55:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.57:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.57:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.58:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.58:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.59:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.59:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.60:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.60:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.61:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.62:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.63:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.73:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.74:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.75:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.93:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\n\Cookies\n@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.395:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.396:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\n\Cookies\n@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.126:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.127:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.128:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.408:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.147:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.148:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.249:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.250:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.299:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.300:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.301:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.302:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.83:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.84:C:\Documents and Settings\n\Application Data\Mozilla\Firefox\Profiles\bcaa6569.default\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned.
petrica moise
8 Posts
0
November 8th, 2006 21:00
"Resident shield" and "automatic updates" are also not available from the tray.
Looks like the pop-ups are gone (even if I haven't used IE so much until now, because it took about 6 hours to do that online scan and I was afraid it would freeze), but my Google searches are still sometimes redirected to "wordsea.com", "weddingcamerasplace.com" and a few other weird sites. And only when using IE.
Message Edited by petrica moise on 11-08-2006 06:03 PM
1972vet
3.3K Posts
0
November 9th, 2006 14:00
Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the "Internet Explorer" section. *Note*
Checking "Cookies" will remove problem spyware cookies and help to speed up other spyware/adware/malware scans.
This will mean however, the next time you click on a web page where you have signed in before, you will have to re-enter your user I.D. and password.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.
In the Applications Tab:
Clean all in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop-up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
Update your onboard Kaspersky Antivirus application. Reboot the computer into Safe mode. Once in safe mode, open Kaspersky antivirus and run a complete system scan. Allow the application to quarantine whatever it finds.
Next, please run hijackthis again and check the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://.rd.yahoo.com/customize/ycomp/defaults/sb/*http://.docs.yahoo.com/info/ie 6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://.rd.yahoo.com/customize/ycomp/defaults/sp/*http://.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://.rd.yahoo.com/customize/ycomp/defaults/su/*http://.yahoo.com
Close all windows now except for the hijackthis application window. Click Remove. Reboot back to your normal user mode.
Open I.E. and reset your home page to Yahoo.com...try a search or two and see if you still get redirected.
Post back a new HijackThis log and advise how the computer is running now. Thanks!