Ad Project virus and others [HJT Log]

Discussion in 'Malware and Virus Removal Archive' started by zbratch1, 2006/04/26.

  1. 2006/04/26
    zbratch1

    zbratch1 Inactive Thread Starter

    Joined:
    2006/04/26
    Messages:
    14
    Likes Received:
    0
    I have windows popping up from my task tray. One that looks like Windows Update and another that's just a red box in the lower right-hand corner saying I have a virus.

    Here's my HijackThis logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:58:56 PM, on 4/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\scvhost.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\nvidGUIv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\R_SERVER.EXE
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\atmclk.exe
    C:\WINDOWS\System32\dcomcfg.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\msngrs.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\AIM\aim.exe
    C:\Documents and Settings\William Bratcher\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://download.microsoft.com/download/OfficeXPStandard/SP/oxpsp1/W98NT42KMeXP/EN-US/Oxpsp1.exe
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp48D6.tmp
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Microsoft schedule] msngrs.exe
    O4 - HKLM\..\RunServices: [Microsoft schedule] msngrs.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2070af3b183ecd767302/netzip/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141614476375
    O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
    O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
     
  2. 2006/04/27
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    zbratch1 - Welcome to the Board :)

    Please move hijackthis.exe to a permanent folder on your hard drive, say C:\HJT - if items are fixed HJT needs to make a backup and the desktop is not a suitable location.

    Start the computer in Safe Mode and navigate to C:\WINDOWS\System32\ and delete msngrs.exe

    Then go Start > Run > type in msconfig > OK and hit the Startup tab and disable the entry for msngrs.exe

    Then scan again with HJT and place a checkmark against these items and hit Fix Selected.

    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp48D6.tmp
    O4 - HKLM\..\Run: [Microsoft schedule] msngrs.exe
    O4 - HKLM\..\RunServices: [Microsoft schedule] msngrs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)

    Reboot and run another scan and post the results here.

    I see you have ewido installed - have you run a scan with this? If not please run it, save the report and post a copy here.
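
Added example, not part of PeteC's post or the original thread: a Python triage pass over HijackThis entry lines. It flags the traits visible in the entries selected above (`(file missing)`, a Run value with no path, a BHO loaded from a `.tmp` file) and adds two name checks motivated by the `scvhost.exe` service entry in the log. The flag names, the `SYSTEM_BINARIES` table and the distance threshold are assumptions of this example, not criteria stated in the thread; the sample lines are copied from the log in the first post.

```python
import ntpath
import re

# Assumption of this example: core XP binaries and their expected folder,
# taken from the "Running processes" list in the first log.
SYSTEM_BINARIES = {name: r"c:\windows\system32" for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe")}

ENTRY = re.compile(r"\s*([A-Z]\d+) - (.*)$")
# First file reference in a target: quoted or bare, with or without a path.
MODULE = re.compile(
    r'"?((?:[A-Za-z]:\\[^"]*?|[^\s"\\]+?)\.(?:exe|dll|tmp))\b', re.I)
SERVICE_KEY = re.compile(r"\(([^()]+)\) - ")


def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1,
                             rows[i - 1][j - 1] + cost)
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[-1][-1]


def name_flags(name, folder):
    """Flags for a file name that imitates, or misplaces, a system binary."""
    if name in SYSTEM_BINARIES:
        ok = folder in ("", SYSTEM_BINARIES[name])
        return [] if ok else [f"{name}_outside_system32"]
    return [f"lookalike_of_{real}" for real in SYSTEM_BINARIES
            if osa_distance(name, real) == 1]


def triage(line):
    """Return (section, path, flags) for one HijackThis entry, else None."""
    entry = ENTRY.match(line)
    if not entry:
        return None
    section, rest = entry.groups()
    target = rest.rsplit(" - ", 1)[-1]
    if section == "O4" and "] " in target:      # "[value name] command line"
        target = target.split("] ", 1)[1]
    flags = []
    if rest.rstrip().endswith("(file missing)"):
        flags.append("file_missing")
    module = MODULE.search(target)
    path = module.group(1) if module else None
    if path:
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if not folder:
            flags.append("no_path")              # resolved via the search path
        if section == "O2" and name.endswith(".tmp"):
            flags.append("tmp_module")           # browser helper in a temp file
        flags.extend(name_flags(name, folder))
        svc = SERVICE_KEY.search(rest) if section == "O23" else None
        if svc:
            claimed = svc.group(1).lower() + ".exe"
            if claimed in SYSTEM_BINARIES and name != claimed:
                flags.append(f"service_claims_{claimed}")
    return section, path, flags


def report(text):
    """Keep only the entries that raised at least one flag."""
    return [t for t in map(triage, text.splitlines()) if t and t[2]]


# Sample input: lines copied from the HijackThis log in the first post.
SAMPLE = r"""
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp48D6.tmp
O4 - HKLM\..\Run: [Microsoft schedule] msngrs.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for section, path, flags in report(SAMPLE):
        print(f"{section:<4}{path}  ->  {', '.join(flags)}")
```

The flags are prompts for manual review, not verdicts: a legitimate Run value that starts `RUNDLL32.EXE` without a path also trips `no_path`.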
     

  4. 2006/04/27
    zbratch1

    ... Here's the HJT Logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:00:39 PM, on 4/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\scvhost.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\nvidGUIv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\R_SERVER.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\atmclk.exe
    C:\WINDOWS\System32\dcomcfg.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://download.microsoft.com/download/OfficeXPStandard/SP/oxpsp1/W98NT42KMeXP/EN-US/Oxpsp1.exe
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp82DD.tmp
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2070af3b183ecd767302/netzip/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141614476375
    O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
    O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
     
  5. 2006/04/27
    zbratch1

    ... and here's the first part of the ewido scan file:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 3:47:42 PM, 4/27/2006
    + Report-Checksum: F113B141

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup
    HKLM\SOFTWARE\Classes\WindowsSB.Band.1 -> Adware.BlazeFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\WindowsSB.EventHandler.1 -> Adware.BlazeFind : Cleaned with backup
    HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
    HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
    [1364] C:\WINDOWS\System32\twain32.dll -> Not-A-Virus.Hoax.Win32.Renos.cu : Cleaned with backup
    [192] C:\WINDOWS\scvhost.exe -> Backdoor.SdBot.aad : Cleaned with backup
    [480] C:\WINDOWS\system32\R_SERVER.EXE -> Backdoor.RAdmin.j : Cleaned with backup
    [244] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [1936] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [472] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [504] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [824] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [896] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [984] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [1316] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [1172] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [1288] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [708] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [1444] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [1536] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [1560] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [1680] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [2052] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [2072] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [2160] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    [3872] C:\WINDOWS\system32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\ra[1].exe -> Dropper.RDM.a : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT6N85YN\ra[1].exe -> Dropper.RDM.a : Cleaned with backup
     
  6. 2006/04/27
    zbratch1

    ... here's the continuation of the ewido scan file:

    :mozilla.206:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.233:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.234:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.235:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.236:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.258:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
    :mozilla.259:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.260:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.261:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.262:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.263:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.264:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.265:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.266:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.267:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.281:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.282:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.283:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.284:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.287:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.288:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.289:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.290:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.295:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.298:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.324:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.325:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.330:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.336:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.357:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.358:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.359:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.360:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.361:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.364:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.375:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.376:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.377:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.389:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.449:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.450:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.451:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.452:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.453:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.454:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.455:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.472:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    C:\Documents and Settings\William Bratcher\Cookies\william bratcher@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\William Bratcher\Cookies\william bratcher@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\William Bratcher\Cookies\william bratcher@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\William Bratcher\Local Settings\Temp\pspv.exe -> Not-A-Virus.PSWTool.Win32.PassView.a : Cleaned with backup
    C:\install.htm -> Not-A-Virus.Exploit.DialogArg : Cleaned with backup
    C:\Program Files\Aprps -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\ace.dll -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\AI_16-08-2005.log -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\AI_17-08-2005.log -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\AI_18-08-2005.log -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\AI_19-08-2005.log -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\AI_20-08-2005.log -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\AI_21-08-2005.log -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\AI_22-08-2005.log -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\atl.dll -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\CxtPls.dll -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\CxtPls.exe -> Adware.Apropos : Cleaned with backup
     
  7. 2006/04/27
    zbratch1 Inactive Thread Starter

    ... and finally ...

    C:\Program Files\Aprps\libexpat.dll -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\ProxyStub.dll -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\uninstaller.exe -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\WinGenerics.dll -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Aprps\wmeayl32.dll -> Adware.Apropos : Cleaned with backup
    C:\Program Files\BitTornado\wmeayl32.dll -> Trojan.Agent.hh : Cleaned with backup
    C:\Program Files\CommonName -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\babe.dat -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\cnbabe.dll -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\createbookmark.htm -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\createnote.htm -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\dfs.dat -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\emaillink.htm -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\exit.dat -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\fws.dat -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\navigate.htm -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\rws.dat -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\unins.exe -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\url2.dat -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\url8.dat -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\AddressBar\url9.dat -> Adware.CommonName : Cleaned with backup
    C:\Program Files\hijack this\backups\backup-20050823-025351-517.dll -> Adware.VB : Cleaned with backup
    C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Cleaned with backup
    C:\Program Files\WinFixer 2005 -> Adware.WinFixer : Cleaned with backup
    C:\ra.exe -> Dropper.RDM.a : Cleaned with backup
    C:\RECYCLER\S-1-5-21-494673281-2970808526-1443641403-500\Dc1.exe -> Backdoor.Rbot.arw : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP43\A0002167.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP45\A0002203.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP45\A0002216.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP47\A0002252.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP50\A0008555.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP51\A0008747.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP53\A0008779.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP56\A0008920.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP56\A0008921.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP59\A0010223.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0010250.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0010270.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0010290.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP61\A0010319.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP62\A0010334.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP62\A0010347.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP63\A0010379.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\A0010411.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP66\A0010436.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP66\A0010461.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP66\A0010775.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP66\A0010822.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP67\A0010899.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP67\A0010913.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP68\A0010935.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP69\A0010982.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP69\A0011002.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP70\A0011072.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP70\A0011080.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP72\A0011161.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP73\A0011300.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP74\A0011317.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP74\A0011334.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP75\A0011367.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP76\A0011388.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP77\A0011402.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP77\A0011422.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP79\A0011454.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP79\A0011518.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP80\A0011553.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP80\A0011560.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\WINDOWS\bar.exe -> Adware.IeSearchBar : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0715NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.e : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5LP_0001_0715NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.e : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N73M1004NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.e : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0721NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.c : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.c : Cleaned with backup
    C:\WINDOWS\nvidGUIv.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\scvhost.exe -> Backdoor.Aimbot.ch : Cleaned with backup
    C:\WINDOWS\SYSTEM32\AdmDll.dll -> Backdoor.RAdmin.s : Cleaned with backup
    C:\WINDOWS\SYSTEM32\BO2802040128.exe -> Adware.VirtualBouncer : Cleaned with backup
    C:\WINDOWS\SYSTEM32\remon.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\WINDOWS\SYSTEM32\r_server.exe -> Backdoor.RAdmin.j : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_00147.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_00276.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_06052.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_10661.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_14572.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_15828.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_21678.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_23085.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_25827.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_26228.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_36464.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_37253.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_37847.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_40741.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_47751.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_57183.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_64861.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_66462.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_67843.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_71321.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_74542.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_77471.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_78618.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_81385.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_83508.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\twain32.dll -> Not-A-Virus.Hoax.Win32.Renos.cu : Cleaned with backup
    C:\WINDOWS\SYSTEM32\winmp.dll -> Backdoor.Afcore.cm : Cleaned with backup


    ::Report End
     
  8. 2006/04/27
    PeteC SuperGeek Staff

    Wow - you sure had a whole bunch of nasties on your computer :) That is one of the longest logs I've seen.

    You ran Ewido after you scanned with HJT, a lot of spyware/malware was removed, and the HJT log is not representative of your system at the present time, so would you please run another HJT scan in Safe Mode and post it here.

    Ewido found infections in System Restore - please turn this off until your system is seen to be clean. Otherwise, if you had to restore your system, you would also restore the bad guys.

    It would seem that you have very little protection against malware/spyware. Is your McAfee up to date with the virus definitions? Which firewall are you running, and is it turned on?

    To prevent further infection on this scale I suggest you ....

    Download Windows Defender - this provides real time protection against spyware/malware, autoscans and autoupdates.

    Download and immediately update SpywareBlaster 3.5 and enable all protection - this provides permanent protection against several thousand baddies.

    Additionally you might like to download Spybot and Ad-Aware SE through Quicklinks in my signature, update them and run them. These are on demand scanners and should be run occasionally as a backup/doublecheck on the two above. In Spybot hit the Immunize button followed by the green immunise + to enable some permanent protection.
     
  9. 2006/04/27
    zbratch1 Inactive Thread Starter

    Thanks for your prompt help; I sincerely appreciate it.

    Here's my HJT logfile after rebooting in Safe Mode:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:57:01 PM, on 4/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://download.microsoft.com/download/OfficeXPStandard/SP/oxpsp1/W98NT42KMeXP/EN-US/Oxpsp1.exe
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp54CB.tmp
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2070af3b183ecd767302/netzip/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141614476375
    O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
    O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
     
  10. 2006/04/27
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Boot into safe mode, navigate to C:\WINDOWS\System32\ and try to locate this file ....

    hp54CB.tmp and delete it - you may need to enable 'Show hidden files and folders' under Tools > Folder Options > View.

    Then scan again with HJT and put a check mark against these items if still present and hit Fix Selected.

    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp54CB.tmp
    O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
    O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)

    Reboot to Normal Mode, scan again with HJT and post another log.

    How is the computer running now? Past midnight here - I'll catch up in the morning :)
     
  11. 2006/04/27
    zbratch1

    zbratch1 Inactive Thread Starter

    Some of the ads continue popping up, but most of them are gone. Not sure if that's any help.

    I followed your instructions; here's the HJT logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:43:22 PM, on 4/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\atmclk.exe
    C:\WINDOWS\System32\dcomcfg.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://download.microsoft.com/download/OfficeXPStandard/SP/oxpsp1/W98NT42KMeXP/EN-US/Oxpsp1.exe
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hpA895.tmp
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2070af3b183ecd767302/netzip/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141614476375
    O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
    O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
     
  12. 2006/04/28
    PeteC

    PeteC SuperGeek Staff

    I see that these lines have reappeared - would you please confirm that you fixed them in HJT? ....

    O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
    O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hpA895.tmp

    I have no idea what the BHO is and nor does Google - in Internet Explorer go Tools > Manage Add-ons and disable it if present - post what you found, please.

    Some of the ads you see may be harmless - are they offensive in any way and do you have a popup stopper running? Internet Explorer > Tools > Internet Options > Privacy - is the popup blocker checked?
     
  13. 2006/04/29
    zbratch1

    zbratch1 Inactive Thread Starter

    The ads are still popping up, and they could probably best be described as mildly offensive. All in all, they're just annoying.

    I'm a Mozilla Firefox user, but the section "Manage Add-Ons" in the Tools section of Internet Explorer isn't even there. Neither is the pop-up blocker of the Tools > Internet Options. This may be because I don't have an updated version of Internet Explorer; I'm not really sure. However, something called Safety Defender has taken over as the IE homepage (something I'm assuming is the result of the virus).

    I have fixed everything from the HJT File that you said, but I guess they still keep coming back.

    Here's the logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:26:02 PM, on 4/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\nvidGUIv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\atmclk.exe
    C:\WINDOWS\System32\dcomcfg.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://download.microsoft.com/download/OfficeXPStandard/SP/oxpsp1/W98NT42KMeXP/EN-US/Oxpsp1.exe
    O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hpB75A.tmp
    O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2070af3b183ecd767302/netzip/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141614476375
    O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
    O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
     
  14. 2006/04/29
    PeteC

    PeteC SuperGeek Staff

    You don't have the latest version of IE, that's why you are not seeing Manage Add-ons, etc. No worry, you have given me the lead in solving this problem by mentioning Safety Defender :) It explains why this line keeps on coming back ....

    O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hpB75A.tmp

    Please download SmitfraudFix and extract to a folder named SmitfraudFix to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd

    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

    Copy and paste the report here.
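
The recheck done by eye in posts 12 and 14 (fixed entries that reappear in the next HijackThis log, and a BHO that keeps its CLSID while its .tmp file name changes) can be scripted. The following is an added example, not part of the original thread or of HijackThis; the function names are hypothetical and the scan data are short excerpts of the log lines posted above.

```python
import re

ENTRY = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")   # HijackThis section code, then the entry body
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MISSING = "(file missing)"

def parse(log_text):
    """Map a stable identity for each HijackThis entry to its path and 'file missing' flag."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        clsid = CLSID.search(body)
        if section == "O2" and clsid:
            # A BHO is identified by its CLSID; display name and file name may change.
            ident = ("O2", clsid.group(0).lower())
        elif section == "O23" and body.startswith("Service: "):
            # "Service: <display name> - <owner> - <path>"
            ident = ("O23", body[len("Service: "):].split(" - ")[0])
        else:
            ident = (section, body)
        entries[ident] = {"path": body.rsplit(" - ", 1)[-1], "missing": missing}
    return entries

def recheck(before, after, fixed):
    """State of each entry that was marked 'Fix Selected', as seen in the following scan."""
    report = {}
    for ident in fixed:
        old, new = before.get(ident), after.get(ident)
        if new is None:
            report[ident] = "gone"
        elif old and old["path"].lower() != new["path"].lower():
            report[ident] = "respawned under new file name"
        elif old and old["missing"] and not new["missing"]:
            report[ident] = "service binary back on disk"
        else:
            report[ident] = "still present"
    return report

# Excerpts from the three logs in this thread (4/26, 4/27 and 4/29).
SCAN_0426 = r"""
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp54CB.tmp
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
SCAN_0427 = r"""
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hpA895.tmp
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
SCAN_0429 = r"""
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hpB75A.tmp
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Entries the helper asked to be fixed in post 10 (subset).
BHO = ("O2", "{b0398eca-0bcd-4645-8261-5e9dc70248d0}")
CMDTEL = ("O23", "Loading Outpost Connections (KDE)")
NVIDGUI = ("O23", "nvidGUIv (nvidGUIv2)")
FIXED = [BHO, CMDTEL, NVIDGUI]

if __name__ == "__main__":
    scans = [parse(s) for s in (SCAN_0426, SCAN_0427, SCAN_0429)]
    for before, after in zip(scans, scans[1:]):
        for ident, state in recheck(before, after, FIXED).items():
            print(ident, "->", state)
        print()
```

An entry that comes back under a new file name, or whose missing binary is back on disk, means something still running is recreating it, so fixing the log line alone will not hold.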
     
  15. 2006/04/29
    zbratch1

    zbratch1 Inactive Thread Starter

    Here's the SmitfraudFix list:

    SmitFraudFix v2.37

    Scan done at 15:52:46.56, Sat 04/29/2006
    Run from C:\Documents and Settings\William Bratcher\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\atmclk.exe FOUND !
    C:\WINDOWS\system32\birdihuy.dll FOUND !
    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\dxole32.exe FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !
    C:\WINDOWS\system32\vxgamet?.exe FOUND !
    C:\WINDOWS\system32\ztoolbar.bmp FOUND !
    C:\WINDOWS\system32\ztoolbar.xml FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\William Bratcher\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WILLIA~1\FAVORI~1

    C:\DOCUME~1\WILLIA~1\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Security Toolbar\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "=" "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!! Attention, follow keys are not inevitably infected !!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{F33812FB-F35C-4674-90F6-FD757C419C51} "= "DDE "

    [HKEY_CLASSES_ROOT\CLSID\{F33812FB-F35C-4674-90F6-FD757C419C51}\InProcServer32]
    @= "C:\WINDOWS\system32\birdihuy32.dll "

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{F33812FB-F35C-4674-90F6-FD757C419C51}\InProcServer32]
    @= "C:\WINDOWS\system32\birdihuy32.dll "


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} "= "Twain "

    [HKEY_CLASSES_ROOT\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
    @= "C:\WINDOWS\System32\twain32.dll "

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
    @= "C:\WINDOWS\System32\twain32.dll "


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  16. 2006/04/29
    PeteC

    PeteC SuperGeek Staff

    Fine ....

    You may like to print out these instructions as you will be unable to connect to the Internet to read them while in Safe Mode.

    You have Ewido installed, you will need to run a scan later.

    Boot into Safe Mode and log onto your usual account.

    In Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    [HKEY_CLASSES_ROOT\CLSID\{F33812FB-F35C-4674-90F6-FD757C419C51}\InProcServer32]
    @= "C:\WINDOWS\system32\birdihuy32.dll "

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{F33812FB-F35C-4674-90F6-FD757C419C51}\InProcServer32]
    @= "C:\WINDOWS\system32\birdihuy32.dll "

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report here in your next post.

    After SmitfraudFix finishes - reboot if required into Safe Mode - and run a full system scan.

    If ewido finds anything select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

    When the scan is finished, click the Save report button at the bottom of the screen.

    Save the report to your desktop and close Ewido.

    Reboot into Normal Mode and post the contents of the SmitfraudFix log located at C:\rapport.txt into this thread, and the Ewido report and a new HijackThis log.
     
  17. 2006/05/01
    zbratch1

    zbratch1 Inactive Thread Starter

    Here is the SmitfraudFix log:

    SmitFraudFix v2.37

    Scan done at 10:01:55.89, Mon 05/01/2006
    Run from C:\Documents and Settings\William Bratcher\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\atmclk.exe Deleted
    C:\WINDOWS\system32\birdihuy.dll Deleted
    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\dxole32.exe Deleted
    C:\WINDOWS\system32\hp????.tmp Deleted
    C:\WINDOWS\system32\ld????.tmp Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\simpole.tlb Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\ts.ico Deleted
    C:\WINDOWS\system32\vxgamet?.exe Deleted
    C:\WINDOWS\system32\ztoolbar.bmp Deleted
    C:\WINDOWS\system32\ztoolbar.xml Deleted
    C:\WINDOWS\system32\1024\ Deleted
    C:\DOCUME~1\WILLIA~1\FAVORI~1\Antivirus Test Online.url Deleted
    C:\Program Files\Security Toolbar\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  18. 2006/05/01
    zbratch1

    zbratch1 Inactive Thread Starter

    Here is the HJT logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:33:53 PM, on 5/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Webshots\webshots.scr
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://download.microsoft.com/download/OfficeXPStandard/SP/oxpsp1/W98NT42KMeXP/EN-US/Oxpsp1.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2070af3b183ecd767302/netzip/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141614476375
    O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
    O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
     
  19. 2006/05/01
    zbratch1

    zbratch1 Inactive Thread Starter

    Here's Part 1 of the Ewido report:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 12:21:32 PM, 5/1/2006
    + Report-Checksum: 6B08463E

    + Scan result:

    :mozilla.8:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.106:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.107:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.108:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.109:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.133:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.134:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.135:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.136:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.137:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.139:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.140:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.141:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.143:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.144:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.148:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.149:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
    :mozilla.150:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
    :mozilla.159:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.160:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.161:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.162:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.163:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.164:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.165:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.166:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.167:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.168:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.188:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.189:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.190:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.192:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.193:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.200:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.202:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.211:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.212:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt ->
     
  20. 2006/05/01
    zbratch1

    zbratch1 Inactive Thread Starter

    ... and here's Part 2 ...

    TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.213:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.214:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.215:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.216:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.217:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.218:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.219:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.239:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.240:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.241:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.246:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.247:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.248:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.249:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.283:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
    :mozilla.284:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.285:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.299:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.300:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.301:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.302:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.305:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.306:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.307:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.308:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.313:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.314:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.346:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.367:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.368:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.369:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.370:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.371:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.374:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.384:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.385:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.386:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.398:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.456:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.457:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.458:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.459:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.460:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.461:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.462:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.479:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\n2an8u5v.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\William Bratcher\Application Data\Mozilla\Firefox\Profiles\xc83unhz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    C:\Documents and Settings\William Bratcher\Cookies\william bratcher@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\William Bratcher\Cookies\william bratcher@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\William Bratcher\Cookies\william bratcher@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\WINDOWS\nvidGUIv.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\remon.sys -> Rootkit.Agent.ab : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_05523.exe -> Backdoor.SdBot.aad : Cleaned with backup
    C:\WINDOWS\SYSTEM32\setup_87418.exe -> Backdoor.SdBot.aad : Cleaned with backup


    ::Report End
     
  21. 2006/05/01
    PeteC

    PeteC SuperGeek Staff

    To my eye your system is now clean, but your System Restore points will still contain the infection. Please turn off System Restore which will clear all the restore points, then turn it back on again. There is no way that you would want to restore your system to an infected state :)

    I am surprised at the number of tracking cookies found again by Ewido - have you installed SpywareBlaster - my post #7 and enabled all protection?
     
