SPYWARE: HJT Log... please take a look and advise.

 
 
sepand
 
Reply Sun 16 Oct, 2005 08:33 pm
My friend's laptop recently started to perform very slowly, and popups after popups would, well, pop up. So she gave me her laptop so that I would clean it, and I've followed one of the links on this forum. I've performed multiple resident scans, online scans, installed/updated MS Antispyware, Spybot, etc. and in short, performed every task that was written down (except for AboutBuster, which for some reason does not work anymore, and many other ppl have complained about it too).

So now I'm posting my HJT log along with EWIDO's Security Suite:

EWIDO

***1st scan:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:43:25 PM, 10/13/2005
+ Report-Checksum: BD991AA7

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-3550054110-525687701-1819233997-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Cleaned with backup
HKU\S-1-5-21-3550054110-525687701-1819233997-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-3550054110-525687701-1819233997-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Cleaned with backup
HKU\S-1-5-21-3550054110-525687701-1819233997-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup


::Report End


*** SECOND SCAN: Found nothing.


HJT
Logfile of HijackThis v1.99.1
Scan saved at 10:02:13 PM, on 10/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\rdso\eetu.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: the corresponding host name.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {161F0027-9BEA-5709-3DDD-858B71C75326} - (no file)
O2 - BHO: (no name) - {20A362F3-A037-D0E5-4B47-DA38763A91B9} - (no file)
O2 - BHO: (no name) - {4DDCF581-0634-5351-6BE4-9E6DB512CBEA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aida] "C:\Program Files\rdso\eetu.exe" -vt mt
O4 - HKCU\..\Run: [Xkycxd] C:\WINDOWS\system32\d?dplay.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4598/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe


If you can, please tell me what I have to get rid of, and how do I go about doing that.

Thanks,
S.
Type: Discussion • Score: 1 • Views: 640 • Replies: 8

 
sepand
 
  1  
Reply Tue 18 Oct, 2005 09:56 pm
K, anyone? Please?
0 Replies
 
sepand
 
  1  
Reply Fri 21 Oct, 2005 01:45 am
K, I'm giving up hope on this forum :( But anyways, I'm gonna post another HJT and Ewido log which was run on ANOTHER PC. So please, if anyone can, please write if I need to take any further actions FOR BOTH COMPUTERS.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:35:47 AM, 10/20/2005
+ Report-Checksum: C435404

+ Scan result:

:mozilla.413:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.466:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.467:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.508:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.510:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.511:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.512:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.513:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.514:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.515:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.517:C:\Documents and Settings\Sepand Siassi\Application Data\Mozilla\Firefox\Profiles\vpeiz01a.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sepand Siassi\Cookies\sepand [email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Sepand Siassi\Cookies\sepand siassi@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Sepand Siassi\Cookies\sepand siassi@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup


::Report End
========================================

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:58:24 PM, 10/20/2005
+ Report-Checksum: 840B8457

+ Scan result:

No infected objects found.


::Report End

===================================
Logfile of HijackThis v1.99.1
Scan saved at 3:29:22 PM, on 10/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.3
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Downloads\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [\\V4000\EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P34 "\\V4000\EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: Download with GetRight - C:\Downloads\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Downloads\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Sepand Siassi\Desktop\New Folder (2)\cwshredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


That's all. Somebody, anybody... Thx.

timberlandko
Reply Sun 23 Oct, 2005 05:03 am
Sorry to take so long to get here, sepand, this one slipped by me.

EDIT - this applies to the SECOND set of logs you posted

That looks like a clean system. However, there are a few orphan entries that ought to be fixed with HJT, and some final cleanup tweaking could be done. Launch HJT, then place a check next to each of the following entries only:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


Click "Fix Checked", and when that has completed, run full system scan-and-cleans with Ad-Aware SE, EWIDO, Microsoft Antispyware, and Spybot S&D (update all before scanning if you have not updated within the past couple of days).

When the scan-and-cleans have been completed, launch CCleaner, select "Issues" (the blue stacked blocks icon), and make sure everything in the "Issue Scanning Settings" is selected, then click the "Scan for Issues" button. This could take a while. When it completes, check through the list in the righthand panel to make sure there's nothing there you want to keep (rare, but could happen - if in doubt set the entry to unchecked), otherwise make sure everything else found is selected. Click "Fix selected issues ... " down at the bottom right of the page. Confirm, and when prompted to create a backup, do so, and note where the backup will be saved. Another "Fix all issues?" box then will pop up, select "Fix all issues", and confirm.

When that has completed, select "Cleaner" (the whiskbroom icon at the top). In the "Windows" tab, make sure everything is selected, then click the "Analyze" button down at the bottom left of that page. Be patient, this will take a while. When that has completed, click the "Run Cleaner" button down at the bottom righthand side of the page, and confirm.

When that has completed, reboot into safe mode, and repeat the full system scans-and-cleans with Ad-Aware SE, EWIDO, Microsoft Antispyware, and Spybot S&D. They should all come up clean; if any of them don't come up clean, repeat that one at least twice.

When that has completed, launch CCleaner, select "Issues", and run another scan and clean as above. Following that, select "Cleaner" and repeat that process as above.

When that has completed, reboot normally, and repeat all scan-and-clean operations, finishing with a final run of CCleaner's "Cleanup", then reboot normally once more.

At that point you should be good to go.

sepand
Reply Sun 23 Oct, 2005 09:31 am
k thanks. And what about the first HJT log? Is it all clean?

timberlandko
Reply Sun 23 Oct, 2005 01:53 pm
No, the first one still has some bigtime nasties. Better print this out before beginning.

Launch HJT, and place a checkmark next to each of only the following entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: the corresponding host name.
O2 - BHO: (no name) - {161F0027-9BEA-5709-3DDD-858B71C75326} - (no file)
O2 - BHO: (no name) - {20A362F3-A037-D0E5-4B47-DA38763A91B9} - (no file)
O2 - BHO: (no name) - {4DDCF581-0634-5351-6BE4-9E6DB512CBEA} - (no file)
O4 - HKCU\..\Run: [Aida] "C:\Program Files\rdso\eetu.exe" -vt mt
O4 - HKCU\..\Run: [Xkycxd] C:\WINDOWS\system32\d?dplay.exe


Click "Fix Checked" and confirm.

Using Windows Explorer (Windows key + E), configured to View All Files, search for and delete if found:

C:\Program Files\rdso <--- delete entire folder


Locate and uninstall the machine's present version of CWShredder.

With the machine's resident antivirus disabled, and with no antispyware/popup stoppers/adblockers active - including Spybot S&D's "SD Helper" and/or "Teatimer", Microsoft Antispyware's "Active Protection", and/or EWIDO's "Guard", go to TrendMicro Housecall and perform the online spyware scan. Record the full name and path of any file it reports having a problem with, should such occur. Then perform the online virus scan available at the same page, again recording the full name and path of any file it reports having a problem with, should such occur. While there, also download the latest version of CWShredder - just download it to a convenient to find location on your machine, don't do anything else with it yet.

Reactivate the machine's resident antivirus and update it. Don't use it yet, just update it.

Locate and delete the folder from which the earlier (5.0) version AboutBuster runs. Download the updated AboutBuster 5.1, unzip it to a folder on your desktop, and read the accompanying text file. Don't run it yet.

Update Ad-Aware, CCleaner, EWIDO (use manual update per the instructions linked on the Yuckware Removal topic if the trial has expired), Microsoft Antispyware, and Spybot S&D. Don't run any of them yet - just update them then close them. When you update Ad-Aware SE, also download the updated VX2 Cleaner tool - be sure to read and understand the updated instructions for use (it's a good idea to print them out). Just download the updated VX2 plugin, don't install it or run it yet.

When you have done all that, disconnect from the internet, locate the folder from which Ad-Aware SE runs (should be C:\Program Files\Lavasoft\Ad-Aware SE), locate and open the "Plugins" folder, then locate and delete just the 3 files vx2cleaner.chm, vx2cleaner.dll and vx2cleaner.dlx. Close the folder, then locate the updated VX2 Cleaner download you just performed and install it per instructions. Don't use it yet, just install the updated version.

Reboot into safe mode, and run a full system scan-and-clean with the machine's resident antivirus.

Locate and run AboutBuster 5.1; when it has completed, run it a second time. If prompted to reboot, do so, returning to safe mode, then go on to the next step, otherwise, don't reboot. Note and save AboutBuster's log following your second run of the app.

When AboutBuster 5.1 has completed its 2nd run, and you have saved its log, locate, unzip if necessary, and run the updated CWShredder, selecting the "Fix" option. When it has completed, run it a second time. Don't reboot unless prompted to do so.

Locate DelDomains.inf, which you should already have downloaded and used at least once. Right-click on the file "DelDomains.inf", select "Install", and confirm if prompted. Note: This will remove all entries in your "Trusted Zone" and "Ranges".

Launch Ad-Aware SE, select "Add-ons", select "VX2Cleaner", then click "Run Tool" and confirm. On the "Tools" tab, select the VX2 Cleaner tool and click "Run Tool". If the plugin reports computer isn't infected, click "Close". Otherwise, if your computer is reported as infected, select "Clean", then reboot normally, but do not allow the machine to connect to the internet. Scan with Ad-Aware SE and remove any VX2 objects detected, and any other detected threats. Reboot normally again, still not allowing the machine to connect to the internet, and run a second scan to make sure the files have been removed. Remove everything, if anything, detected. Whether or not the second scan reports anything detected, reboot into safe mode, run the VX2 Cleaner plugin one more time, and follow with a full system scan-and-clean with Ad-Aware SE.

While still in safe mode, run full system scan-and-clean operations with EWIDO (saving the log), Microsoft Antispyware, and Spybot S&D, in that order.

When the scan-and-cleans have been completed, launch CCleaner, select "Issues" (the blue stacked blocks icon), and make sure everything in the "Issue Scanning Settings" is selected, then click the "Scan for Issues" button. This could take a while. When it completes, check through the list in the righthand panel to make sure there's nothing there you want to keep (rare, but could happen - if in doubt set the entry to unchecked), otherwise make sure everything else found is selected. Click "Fix selected issues ... " down at the bottom right of the page. Confirm, and when prompted to create a backup, do so, and note where the backup will be saved. Another "Fix all issues?" box then will pop up, select "Fix all issues", and confirm.

When that has completed, select "Cleaner" (the whiskbroom icon at the top). In the "Windows" tab, make sure everything is selected, then click the "Analyze" button down at the bottom left of that page. Be patient, this will take a while. When that has completed, click the "Run Cleaner" button down at the bottom righthand side of the page, and confirm.

When that has been completed, launch Microsoft Antispyware again, select "Advanced Tools", then "Browser Restore". Place a checkmark in the "Select All" box at the bottom of the left-hand panel, then click "Restore" and confirm. This should reset your Start Page and Search Assistants to Microsoft defaults; you can always reset them to your own preferences if you wish, but it's good to start from a known-safe point.

When that has been done, boot normally and repeat full scan-and-fixes with all, saving the EWIDO log, followed by an "Issues" scan-and-fix then a final cleanup with CCleaner.

Finally ("pheeewwww!!!", huh?), reboot normally one more time, immediately run a scan-and-save-log-only with HJT, fixing nothing, then connect to the internet, navigate back here, and post the requested logs (AboutBuster, 2 EWIDO, and the latest HJT log), the full name and path of any files the Trend Micro online scans had trouble with, if any, and if applicable a detailed description of any errors or other glitches you encountered.

sepand
Reply Tue 1 Nov, 2005 12:22 pm
Phew. Here are the details:

*** AboutBuster ***
I couldn't save the logs because of a Run-Time Error that also kept happening in the older version. However, the scan did not find anything, neither the first time nor the second time.

*** EWIDO ***
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:39:15 PM, 10/31/2005
+ Report-Checksum: 8293A66

+ Scan result:

:mozilla.10:C:\Documents and Settings\Mitra Modaressi\Application Data\Mozilla\Firefox\Profiles\efgvse86.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Mitra Modaressi\Application Data\Mozilla\Firefox\Profiles\efgvse86.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\WINDOWS\SYSTEM32\oins.exe -> Spyware.MediaTickets : Cleaned with backup


::Report End


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:45:22 AM, 11/1/2005
+ Report-Checksum: 99346A46

+ Scan result:

No infected objects found.


::Report End

*** TREND MICRO ONLINE SPYWARE SCAN ***
BHOT_IBISLLC:

HLM\SYSTEM\CurrentControlSet\Enum\Root|LEGACY_TBPSSVC\
LEGACY_TBPSSVC\
LEGACY_TBPSSVC\0000\
LEGACY_TBPSSVC\0000\Service
LEGACY_TBPSSVC\0000\Legacy
LEGACY_TBPSSVC\0000\DeviceDesc
LEGACY_TBPSSVC\0000\ConfigFlags
LEGACY_TBPSSVC\0000\ClassGUID
LEGACY_TBPSSVC\0000\Class
LEGACY_TBPSSVC\0000\NextInstance

All the files were fixed.

*** HJT ***
Logfile of HijackThis v1.99.1
Scan saved at 12:56:12 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJT\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4598/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

*** Perhaps it's worth noting that my last scan with Spybot in SAFE MODE found WILD_TANGENT (I think that's what it was called), and also found the same problem with my last scan (NOT IN SAFE MODE).

*** There still seems to be a problem with the desktop icons. My desktop shows NO ICONS at all. When I browse to DESKTOP through explorer, of course there are files and folders on it, but nothing is visible on the desktop page itself.

*** The laptop is still very slow in performance. I will do some adjusting in msconfig once this is done to free up some resources. I'd be happy to hear any other suggestions which you may have.

Thanks.
0 Replies
 
sepand
 
  1  
Reply Sun 6 Nov, 2005 10:55 am
ummmm, anybody?
0 Replies
 
timberlandko
 
  1  
Reply Sun 6 Nov, 2005 03:45 pm
The HJT log doesn't show any yuckware signatures, but it appears both Trend PC-cillin and Norton Antivirus are running, as well as possibly both Trend's firewall and Norton's - either way, more than one active antivirus and/or more than one active firewall can slow things to a crawl - even cause a crash. I suggest you at the very least disable, if not in fact uninstall, one or the other example of each (if in fact both are installed and configured to run).

A thought on the missing desktop icons - that's a known issue with some versions of PC-Cillin - particularly with XP machines. I think it might be a good idea to uninstall it, then, if you intend to keep it (disabling real-time protection from, or totally getting rid of Norton instead), reinstall, reactivate, and immediately update it.

For the desktop icons problem, once you've done whatever regarding PC-Cillin, you might wanna try this script: Restore Desktop Icons and Taskbar (it's from Kelly's Korner - a website maintained by respected Microsoft MSVP Kelly Theriot). To use the script, save it to your hard drive (you may want to create a folder for it, or point it to an easy-to-find existing folder), then right click and use "Save Target As", selecting "All Files" as type. When it has downloaded, locate the file, and double click it (the extension will be ".vbs") to run - confirming if prompted - the fix. You'll get a prompt when the script has successfully executed. NOTE: If your anti-virus software complains about a "malicious script" or something like that, you can safely ignore the warning and permit the script to run; the script is not malicious, but it will effect a registry change, which is what triggers the antivirus warning. When done, reboot.
0 Replies
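The overlap described in the reply above (two vendors' antivirus services active at once) can be read off the O23 lines mechanically. This is an added example, not part of the original thread or of HijackThis itself; the role keywords and the vendor key (first word of the company field) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# O23 service lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
"""

# Assumed keyword heuristics (not a HijackThis feature): role -> display-name pattern.
ROLE_PATTERNS = {
    "antivirus": re.compile(r"anti-?virus|real-?time", re.I),
    "firewall": re.compile(r"firewall", re.I),
}

def parse_o23(line):
    """Split 'O23 - Service: name [(short)] - company - path' into a dict, or None."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    # Path and company are always the last two " - "-separated fields.
    parts = line[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, company, path = (p.strip() for p in parts)
    # Vendor key: first word of the company field, lowercased (heuristic).
    vendor = company.split()[0].lower().rstrip(".") if company else "unknown"
    return {"name": name, "vendor": vendor, "path": path}

def vendors_by_role(log_text):
    """Map each role to the set of vendors that have a service matching it."""
    roles = defaultdict(set)
    for line in log_text.splitlines():
        svc = parse_o23(line.strip())
        if svc is None:
            continue
        for role, pattern in ROLE_PATTERNS.items():
            if pattern.search(svc["name"]):
                roles[role].add(svc["vendor"])
    return dict(roles)

def overlapping_roles(log_text):
    """Return only the roles served by more than one vendor at once."""
    return {r: sorted(v) for r, v in vendors_by_role(log_text).items() if len(v) > 1}

if __name__ == "__main__":
    print(overlapping_roles(SAMPLE_LOG))
```

On these lines only the antivirus role is reported as overlapping; the firewall role shows a single vendor, since no Symantec service in the sample carries "firewall" in its display name.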
 
 
