[RESOLVED] Yuckware Removal

 
 
woody45
 
Reply Sun 31 Jul, 2005 02:24 pm
Hello. I had an infestation of yuckware on my machine. I had ABI popups (extremely irritating - whoever is behind them should be in jail) and a trojan autodialer. I followed timber landko's removal tips and it seemed to have cured the problems. Thank you Timber! He suggested that I post the Ewido and HijackThis logs on my own thread - Here goes:

Ewido report #1


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:54:00 PM, 7/30/2005
+ Report-Checksum: 288F9E30

+ Scan result:

C:\Documents and Settings\Administrator\Local Settings\Temp\snuninst.exe -> TrojanSpy.Bancos.ds : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G92FC9AR\abiuninst[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UHDYJITS\aurora[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\AuroraHandler[1].dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\jfwpokudzt.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\n4f68vko.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\5fbv1fpf.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\9e44fsp5.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\ja2hf7o9.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\nsrF.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\richup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\vbtwgq.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.0.002\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.0.002\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End

Ewido report #2


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:20:42 AM, 7/31/2005
+ Report-Checksum: AF7F4D7

+ Scan result:

No infected objects found.


::Report End


HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 10:59:34 AM, on 7/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4AA870AC-8427-42a4-B92E-ECD956197489} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
O4 - Startup: SpamSubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe



I hope this shows that my system has been cleaned. Thank you for your great service to computer users!

Woody
Type: Discussion • Score: 1 • Views: 420 • Replies: 3

 
timberlandko
 
  1  
Reply Sun 31 Jul, 2005 06:18 pm
That looks clean - a little bloated as far as startups go, which really is your call - but clean.

Run HJT once more, place a checkmark in the box next to these entries (they're not nasties, but you really don't need or want 'em):
O2 - BHO: (no name) - {4AA870AC-8427-42a4-B92E-ECD956197489} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Click "Fix Checked", don't reboot yet, run CCleaner one more time, then reboot. Run HJT one more time, to make sure those are gone.

I'd say you're good to go. You can uninstall or delete the downloaded tools, though I recommend keeping CCleaner, Microsoft Antispyware, SpyBot S&D, Spywareblaster, and Ad-Aware SE. Defrag your machine then set a fresh restore point, and Be Safe Out There
0 Replies
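The review step in the reply above (reading a HijackThis log for leftover entries) can be partly automated. The following is an added example, not part of the original thread: the four heuristics (orphaned target, service with unknown owner, ActiveX control registered from a Temp directory, autostart command with no directory) are assumptions chosen for illustration rather than timberlandko's criteria, and a note marks an entry for a human to look at, not a verdict.

```python
import re

# Section codes as they appear in the HijackThis logs in this thread.
SECTIONS = {"O2": "BHO", "O4": "autostart", "O8": "IE context menu",
            "O9": "IE button/menu item", "O16": "ActiveX (DPF)",
            "O20": "Winlogon Notify", "O23": "service"}
LINE_RE = re.compile(r"^(O\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]+\] (.+)$")

# Lines copied from the logs posted in this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {4AA870AC-8427-42a4-B92E-ECD956197489} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

def triage(line):
    """Return (section, [notes]) for one log line, or None if it is not an O-entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    low, notes = body.lower(), []
    if "(no file)" in low or "(file missing)" in low:
        notes.append("orphaned")           # registered, but the target is gone
    if code == "O23" and " - unknown owner - " in low:
        notes.append("unknown-owner")      # service binary carries no vendor string
    if code == "O16" and "file://" in low and "\\temp\\" in low:
        notes.append("loaded-from-temp")   # control registered out of a Temp directory
    run = RUN_RE.match(body) if code == "O4" else None
    if run and "\\" not in run.group(1):
        notes.append("no-path")            # command is resolved via the search path
    return SECTIONS.get(code, code), notes

def review(log_text):
    """Return only the entries that carry at least one note."""
    out = []
    for line in log_text.splitlines():
        result = triage(line)
        if result and result[1]:
            out.append((line.strip(), result[1]))
    return out

if __name__ == "__main__":
    for entry, notes in review(SAMPLE):
        print(", ".join(notes), "<-", entry)
```

Entries without a note, such as the ccApp line, are simply not reported; that says nothing about whether the program behind them is wanted.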
 
woody45
 
  1  
Reply Sat 6 Aug, 2005 05:25 pm
Timber,

Thanks again for your help!

I'll "safen up", as Homer Simpson says!

Woody
0 Replies
 
timberlandko
 
  1  
Reply Mon 8 Aug, 2005 09:33 pm
Yer weccum, and thanks for the feedback. Glad we could help.
0 Replies
 
 
