Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Electraa

20 Posts

2798

October 17th, 2006 22:00

Spyware/popup problem/ Files missing

Hi i posted yesterday a thread about my problem on the other page and told me to come here to see if anyone coould help me. Here is the message that i posted:

"I was surfing the web today and out of nowhere a page opened and something started either to scan doenload install whatever. The next thing i know there are bunch of icons on my desktop and this toolbar called Mirar and Search bar too. I cannot fin those files anywhere in my computer under those names and they are not in the Add/Remove page. I deleted a lot of stuff, in Add/Remove page, that installed into my computer out of nowhere. A bunch of things! Probably some that i should have deleted in the first place. Now that i deleted all this stuff the toolbar is still there and im getting like 10 popups a min or more. It seems that there is no way i can delete that toolbar with everything that got installed into my computer without my permission. Please help me because i definatley cannot hire some person to clean my computer, cuz my parents will kill me! (Im 16)
Help me please anyone that knows how to get rid of this stuff.
Oh and my antivirus program is AVG Free Edition."

On the other thread two people helped me out and told me that i should scan my comp with Hijack This, so i did. Now i see that somethings are missing on my computer (or so i think). Plus i can no longer open my internet explorer because everytime i do it closes! It has an error message or something like that.
Oh and i did delte my Related page (Mirar toolbar) but its still there!!! I deleted it throught Add/Remove. I also deleted a lot of other stuff which i think i shouldnt have and now i think my computer is going crazy!

Please someone help me!

Here is my log:



Logfile of HijackThis v1.99.1
Scan saved at 6:56:38 PM, on 10/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
C:\Program Files\Common Files\AOL\1149892265\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\next06.exe
C:\WINDOWS\cfg32.exe
C:\nwnmff_e31.exe
C:\dfndrff_e32.exe
C:\kybrdff_e32.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Documents and Settings\electraa\My Documents\?dobe\w?nspool.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O4 - HKLM\..\Run: [b56f3f18.exe] C:\WINDOWS\System32\b56f3f18.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149892265\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\next06.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e31.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e32.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e32.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [b56f3f18.exe] C:\Documents and Settings\electraa\Local Settings\Application Data\b56f3f18.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Fdmlrmfc] C:\Documents and Settings\electraa\My Documents\?dobe\w?nspool.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm078YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\electraa\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {78996C9C-F96B-5C77-6664-72C706B46112} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E45389C-CD7F-4F17-96A1-D4C697F32544}: NameServer = 68.237.161.12 71.250.0.12
O21 - SSODL: IEFilter - {F6BBD367-19AF-4305-A209-0C53E4B359E5} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Service - Unknown owner - C:\WINDOWS\System32\Service.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rvivxya.exe (file missing)


Thank you for reading this long post! Hopefully it's possible to fix this!

~Electraa

bamajim

10.4K Posts

October 29th, 2006 23:00

Electraa

That's o.k. about the delay, your log looks so much better and glad to hear things are well. Your log was so heavily infected we need to do one or 2 more things to make sure your PC is clean, and make sure it doesn't return. So please hang in there for another post or 2

Go here and Download AVG Anti-Spyware
 ( 30 day free trial version) Save it to Your Desktop
 
Double Click AVG Anti-Spyware-setup
(It will create its own folder)
Once the program starts You will be at the Status menu
  • Under "Your computers Security"
    Click change status on Resident shield to inactive
    Click Update now (next to last update)
    After the update loads
    Under Automatic updates Uncheck download and install updates automatically(recommended)
    (you can always select maual updates the next day)
At the top toolbar Click Scanner Then the settings tab
  • Under How to act? Set default action for detected malwareTo Quarantine
    Under how to scan All boxes should be checked
    Under Possibly unwanted software All boxes should be checked
    Under reports Select Automatically generate report after every scan
    Uncheck Only if threats were found
    Under what to scan Scan every file should be highlited
Exit AVG(But do not run it yet)
 
Reboot into Safe Mode
This can be done by
  • Restart your PC, and after it starts, but before you see the Windows Splash screen
    Begin tapping the F8 key twice a second untill you reach another menu screen (black background with white menu choices)
    Use your arrow keys and select Safe Mode and then Enter
Run AVG Anti-Spyware
  • Click scanner
    Select Complete system scan
Once the scan finishes
  • Select Apply all actions (The items found will be quarantined)
    Click save report as (Another window will open)
    Save it to your desktop
    (By default It will be saved in the AVG folder as)
    C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports
Exit AVG
 
Reboot your PC in Normal Mode->>Re run Hijackthis and post a fresh Hijackthis log.
  • Double click the report-scan txt. you saved to your desktop
    It will open in Notepad
    Copy and paste that report as a reply to this thread

Your reply should include
  • a fresh Hijackthis log
    your report_scan.txt log from AVG
    bamajim   Graduate of Malware Removal University


    Electraa

    20 Posts

    November 4th, 2006 22:00

    Hey sorry for the delay! I finally figured out the who windows thing :). Well here is the first part of my Report-Scan log :
     
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------
     + Created at: 10:04:06 PM 10/30/2006
     + Scan result: 
     
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005396.exe -> Adware.AdURL : Cleaned with backup (quarantined).
    C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Download Manager -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Download Manager\asmps.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Altnet\TopSearch -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005409.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP61\A0004146.exe -> Adware.Bagon : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WinadX.Installer -> Adware.BlazeFind : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WinadX.Installer\CLSID -> Adware.BlazeFind : Cleaned with backup (quarantined).
    C:\H\backups\backup-20061028-010744-218.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\H\backups\backup-20061028-010744-713.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\H\backups\backup-20061028-010744-995.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP61\A0004138.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP61\A0004139.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP62\A0005352.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP62\A0005353.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP62\A0005354.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005394.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005399.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005400.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005392.dll -> Adware.CASClient : Cleaned with backup (quarantined).
    HKU\S-1-5-21-606747145-1614895754-1801674531-1006\Software\Classes\AutoSearch.AutoSearchObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKU\S-1-5-21-606747145-1614895754-1801674531-1006\Software\Classes\AutoSearch.AutoSearchObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKU\S-1-5-21-606747145-1614895754-1801674531-1006\Software\Classes\AutoSearch.AutoSearchObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKU\S-1-5-21-606747145-1614895754-1801674531-1006\Software\Classes\AutoSearch.AutoSearchObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005387.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ezPopStub.exe -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-606747145-1614895754-1801674531-1006\Software\INSTAFIN -> Adware.InstaFinder : Cleaned with backup (quarantined).
    HKU\S-1-5-21-606747145-1614895754-1801674531-1006\Software\INSTAFIN\Reports -> Adware.InstaFinder : Cleaned with backup (quarantined).
    HKU\S-1-5-21-606747145-1614895754-1801674531-1006\Software\INSTAFIN\Reports\38416 -> Adware.InstaFinder : Cleaned with backup (quarantined).
    HKU\S-1-5-21-606747145-1614895754-1801674531-1006\Software\INSTAFIN\Reports\38416\Click -> Adware.InstaFinder : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\LinkMaker.LinkMakerFilter -> Adware.LinkMaker : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\LinkMaker.LinkMakerFilter.1 -> Adware.LinkMaker : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\LinkMaker.LinkMakerFilter\CLSID -> Adware.LinkMaker : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\LinkMaker.LinkTracker -> Adware.LinkMaker : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\LinkMaker.LinkTracker.1 -> Adware.LinkMaker : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\LinkMaker.LinkTracker\CLSID -> Adware.LinkMaker : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP62\A0004217.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP62\A0004218.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP62\A0004219.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP62\A0004220.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ilmdat.exe -> Adware.MDH : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005403.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\motorsix.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP61\A0004148.dll -> Adware.Mirar : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\WinATS.dll -> Adware.Mirar : Cleaned with backup (quarantined).
    C:\WINDOWS\lbbho.dll -> Adware.Neon : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP61\A0003951.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP61\A0003952.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP61\A0003968.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005410.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005411.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CLSID -> Adware.PowerStrip : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CurVer -> Adware.PowerStrip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005384.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\rk.exe -> Adware.Relevant : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005423.exe -> Adware.RK : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-606747145-1614895754-1801674531-1006\Software\RX Toolbar -> Adware.RXToolbar : Cleaned with backup (quarantined).
    C:\WINDOWS\876056.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\RECYCLER\S-1-5-21-606747145-1614895754-1801674531-1007\Dc1\VSToolBar.dll -> Adware.Searchcolours : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Xhrmy -> Adware.SecondThought : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP61\A0004142.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP61\A0004150.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\PreUninstall.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\lmf32v.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005407.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP61\A0004055.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\khfgede.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005405.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005406.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\WINDOWS\whAgent.inf -> Adware.Webhancer : Cleaned with backup (quarantined).
    C:\WINDOWS\whInstaller.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKU\S-1-5-21-606747145-1614895754-1801674531-1006\Software\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKU\S-1-5-21-606747145-1614895754-1801674531-1006\Software\WinAntiVirus Pro 2006\Settings -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{00000000-15D9-4736-AB29-131578A45F2B} -> Adware.Wordsonweb : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005395.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP62\A0004309.exe -> Downloader.Adload. : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP62\A0005351.exe -> Downloader.Adload.gw : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.34\gdnUS1402.exe -> Downloader.Obfuscated.j : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.35\gdnUS1402.exe -> Downloader.Obfuscated.j : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.36\gdnUS1402.exe -> Downloader.Obfuscated.j : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.37\gdnUS1402.exe -> Downloader.Obfuscated.j : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.38\gdnUS1402.exe -> Downloader.Obfuscated.j : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP61\A0004137.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP62\A0005363.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
    C:\Documents and Settings\electraa\Local Settings\Temporary Internet Files\Content.IE5\1V9R167T\popup[2].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\electraa\Local Settings\Temporary Internet Files\Content.IE5\CRZ3EK99\popup[2].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\electraa\Local Settings\Temporary Internet Files\Content.IE5\CRZ3EK99\popup[3].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\electraa\Local Settings\Temporary Internet Files\Content.IE5\FLFNMO9S\popup[2].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\electraa\Local Settings\Temporary Internet Files\Content.IE5\FLFNMO9S\popup[3].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\electraa\Local Settings\Temporary Internet Files\Content.IE5\FLFNMO9S\popup[4].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\electraa\Local Settings\Temporary Internet Files\Content.IE5\L28E7L9W\popup[2].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\electraa\Local Settings\Temporary Internet Files\Content.IE5\L28E7L9W\popup[3].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).

    Electraa

    20 Posts

    November 4th, 2006 22:00

    HKLM\SOFTWARE\Classes\PK.IE -> Logger.PerfectKeylogger : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\PK.IE.1 -> Logger.PerfectKeylogger : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\PK.IE\CLSID -> Logger.PerfectKeylogger : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\PK.IE\CurVer -> Logger.PerfectKeylogger : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005415.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    :mozilla.147:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.161:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.162:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.163:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.164:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.165:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.166:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.167:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.286:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.357:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.358:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.359:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.464:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.111:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
    :mozilla.218:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.219:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.220:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@thunderbolt.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
    :mozilla.53:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.54:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.55:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.56:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.57:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.58:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
    :mozilla.75:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.76:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.77:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.78:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.79:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.80:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.30:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.110:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
    :mozilla.392:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.531:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.532:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.533:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.534:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.527:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
    :mozilla.345:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.346:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.347:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.124:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.125:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.126:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.127:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.128:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.129:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.120:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
    :mozilla.121:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
    :mozilla.348:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@com[1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.257:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.26:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@adservices6.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
    :mozilla.90:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.37:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.38:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.39:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
    :mozilla.239:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.412:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.428:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.234:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.235:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.236:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.316:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.317:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.380:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.381:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.388:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.389:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.390:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.462:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.465:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@ehg-knightridder.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@ehg-lowermybills.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@ehg-optionsxpress.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.

    Electraa

    20 Posts

    November 4th, 2006 22:00

    Logfile of HijackThis v1.99.1
    Scan saved at 7:16:55 PM, on 11/4/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
    C:\Program Files\Common Files\AOL\1149892265\ee\AOLSoftware.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\H\H.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
    O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149892265\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\electraa\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
    O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9E45389C-CD7F-4F17-96A1-D4C697F32544}: NameServer = 68.237.161.12 71.250.0.12
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
     

    Electraa

    20 Posts

    November 4th, 2006 22:00

    Third part :
     
    :mozilla.431:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.119:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.25:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    :mozilla.427:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.73:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.31:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.32:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.33:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.34:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.22:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.23:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.24:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@project2.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.408:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.409:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.410:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.411:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.61:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.62:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.63:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.64:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.65:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.66:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.322:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.323:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.324:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.325:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.326:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.68:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.69:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.70:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.71:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.72:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.203:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.204:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.206:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.519:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
    :mozilla.304:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.307:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.308:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.309:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.310:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.311:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.312:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.313:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.50:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.51:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.52:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@pmads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.91:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.95:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.372:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.373:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.331:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.332:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.333:C:\Documents and Settings\electraa\Application Data\Mozilla\Firefox\Profiles\xg766dlj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\electraa\Cookies\electraa@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP62\A0004308.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{818FF6FC-57E8-41F3-9F7C-B670A9C1FB49}\RP65\A0005389.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).

    ::Report end
     

    bamajim

    10.4K Posts

    November 5th, 2006 23:00

     
    Thought you had given up on me.  How's your PC running now?
     
    bamajim   Graduate of Malware Removal University

    Electraa

    20 Posts

    November 6th, 2006 23:00

    Its working great! Internet Explorer is no longer getting any pop-ups and seems to run fast! I really appreciate your help! I wouldn't have done it myself, thats for sure! :]
     
    Thank you very very much! :smileywink:
     
    PS. Can I delete the logs and programs I installed during the cleaning or should I just let them be? 
    Pss. Oh and sorry for always posting late. It's in my nature to do that. I'm late for everything all the time :]
     

    Message Edited by Electraa on 11-06-2006 07:45 PM

    bamajim

    10.4K Posts

    November 7th, 2006 00:00

    Electraa

    Yes you may remove/uninstall the tools we used to clean your PC

    Your Log is Clean from malware :smileyhappy:
    I appreciate your patience in working through this.

    One last thing: You are currently running Windows XP with SP1 (service pack 1) Which leaves your PC vunerible to reinfection
    The latest version is SP2 (service pack 2) which includee many security upgrade features. It is a Must Have. It is a rather large download, about 2 hrs. on DSL. But it is very important that you download and install this update. I have provided a link below to get it. Just follow the prompts. If you have any problems Downloading and installing it, please reply.

    LINK for SP2

    Now that your log is clean

    There are some final notes:
    Disable and Enable System Restore
    • Lets create a clean System Restore point
      the instructions are here
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of
      Java Runtime Environment (JRE) 5.0 Update 9.
      Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
      Click the " Download" button to the right.
      Check the box that says: " Accept License Agreement".
      The page will refresh.
      Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
      Close any programs you may have running - especially your web browser.
      Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
      Check any item with Java Runtime Environment (JRE or J2SE) in the name.
      Click the Remove or Change/Remove button.
      Repeat as many times as necessary to remove each Java versions.
      Reboot your computer once all Java components are removed.
      Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
    Make your Internet Explorer more secure
    This can be done by following these simple instructions:
    • Open Internet Explorer click Tools->> Options.
      Click Security tab
      Click once on the Internet icon so it becomes highlighted.
      Click Custom Level.
      Change the Download signed ActiveX controls to Prompt
      Change the Download unsigned ActiveX controls to Disable
      Change the Initialise and script ActiveX controls not marked as safe to Disable
      Change the Installation of desktop items to Prompt
      Change the Launching programs and files in an IFRAME to Prompt
      Change the Navigate sub-frames across different domains to Prompt
      When all these settings have been made, click OK.
      If it prompts you to save the settings, press Yes.
      Next press Apply and then OK to exit the Internet Properties page
    Update your Anti Virus Software

    Use and maintain a Firewall such as ZoneAlarm
    • The Windows Firewall is good at blocking incoming threats, but not outgoing threats such as "Backdoor Trojans"
      Some others are
      Sygate
      And
      Sunbelt personal
      All of which are free
    Install IE SPAD for protection against innocent looking websites that are not innocent

    Visit Microsoft's Windows Update Site Frequently for critical updates

    Backup your Important Documents and Files on a regular basis
    • To a disc or a USB key, not your Hardrive
    You may want to read this article" So how did I get infected in the first place" by Tony Klein
    surf safe

    bamajim   Graduate of Malware Removal University




    Was this post helpful?

    View All

    No Events found!

    Top