need help with spyware

tupham102 · Aug 21, 2006

I'm new to this website & I've been reading alot of the threads that's on this. I've downloaded hijackthis & a few other things that's I've read about. Can someone help me with problem, please?
Thanks in advance!!

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:49:13 PM, on 8/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Ontrack\SYSTEM~1\MXTask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\System32\WgaTray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HjT\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: TChkBHO Class - {97EA6478-68A0-4239-8A60-7837E12F5D06} - C:\WINDOWS\SYSTEM32\ynoikqy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bwgqtgrj] C:\WINDOWS\System32\wmnmsv.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mng: c:\program files\internet explorer\PLUGINS\NpHcd32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/vet_install_popup.pl?1&04.00.04.03&http://www.thomasvillecabinetry.com/Products/product.asp?DSFID=215
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155761003250
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SystemSuite Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\SYSTEM~1\MXTask.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

Here's my ewido report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:41:17 PM 8/21/2006

+ Scan result:

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\LastGood\MSView.DLL -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\LastGood\MSVprep.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\LastGood\preInsTT.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\LastGood\twaintec.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_E6A86EF001C248AF004FAB53.fiz/4FAC4D.nd2 -> Adware.Comet : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\cd_clint.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Adware.Downloadware : Cleaned with backup (quarantined).
C:\Program Files\Common Files\tbchlllp\rdjlrrhn\lrhpbrlh.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\tbchlllp\tcnltacrbd\dphnbjjdp.exe -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-500\Software\Hiwire -> Adware.HiWire : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-500\Software\Hiwire\MusicMatch -> Adware.HiWire : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-500\Software\Hiwire\MusicMatch\Browser -> Adware.HiWire : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-500\Software\Hiwire\MusicMatch\Faceplate -> Adware.HiWire : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-500\Software\Hiwire\MusicMatch\History -> Adware.HiWire : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-500\Software\Hiwire\MusicMatch\Resources -> Adware.HiWire : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-500\Software\Hiwire\MusicMatch\Stations -> Adware.HiWire : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-500\Software\Hiwire\MusicMatch\WebUpdate -> Adware.HiWire : Cleaned with backup (quarantined).
C:\WINDOWS\LastGood\IPINSIGT.DLL -> Adware.IPInsight : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MP.MediaPops -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MP.MediaPops.1 -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MP.MediaPops\CLSID -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MP.MediaPops\CurVer -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1134\A0148136.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1134\A0148137.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1134\A0148138.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1134\A0148139.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1134\A0148140.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1134\A0148141.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1134\A0148142.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1134\A0148143.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1134\A0148144.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1134\A0148145.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1134\A0148146.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> Adware.VCatch : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mobupd.exe -> Adware.WurldMedia : Cleaned with backup (quarantined).
HKLM\SOFTWARE\FENX -> Dialer.Generic : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> Hijacker.Delf.r : Cleaned with backup (quarantined).
:mozilla.223:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.231:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jared\Cookies\jared@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq74.tmp -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.241:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.245:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.246:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.247:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.248:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.249:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.256:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.279:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.345:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\2\Cookies\2@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Jared\Cookies\jared@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.318:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\2\Cookies\2@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Jared\Cookies\jared@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Tu\Cookies\2@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\2\Cookies\2@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\2\Cookies\2@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Jared\Cookies\jared@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Tu\Cookies\2@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.321:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq69.tmp -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq68.tmp -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
C:\Documents and Settings\Tu\Cookies\2@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.257:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\2\Cookies\2@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Tu\Cookies\2@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C.tmp -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\2\Cookies\2@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.202:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.299:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.334:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.335:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\2\Cookies\2@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\2\Cookies\2@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.275:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.330:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Shopathomeselect : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Shopathomeselect : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Shopathomeselect : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Shopathomeselect : Cleaned with backup (quarantined).
:mozilla.312:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Shopathomeselect : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Shopathomeselect : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.302:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.342:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\2\Cookies\2@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.153:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.315:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.316:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.317:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\2\Cookies\2@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Jerry\Cookies\jerry@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\kqbozzdt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\f5s3fzxx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> TrackingCookie.Zedo : Cleaned with backup (quarantined).

::Report end

here's my active scan report:

Incident Status Location

Adware:adware/clickalchemy Not disinfected c:\windows\inf\alchem.inf
Adware:adware/twain-tech Not disinfected c:\windows\inf\twaintec.inf
Adware:adware/gator Not disinfected c:\GatorPatch.log
Adware:adware/downloadware Not disinfected c:\windows\Digital Signature 20020514.htm
Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
Adware:adware/sidesearch Not disinfected Windows Registry
Adware:adware/otx Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/shoppingcommunity Not disinfected Windows Registry
Spyware:spyware/shopnav Not disinfected Windows Registry
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\bdeviewer.exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\cache\bdeclean.exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\cache\bdedetect1.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\npbdplay2.dll
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\2\Cookies\2@go[2].txt
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\bdeviewer.exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\cache\bdeclean.exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\cache\bdedetect1.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\npbdplay2.dll
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\2\Cookies\2@go[2].txt

Niobis · Aug 22, 2006

First go to Add/Remove Programs and remove "BrilliantDigitals". If it will not allow it, get the uninstall http://www.enigmasoftware.com/affiliate3/link.php?ref=86&productid=4

Then you need to delete the entries found by Ewido. Look in the quarantine and then delete them.

Then, run a scan only with HijackThis. Check and fix these(If they remain):

[bold]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

O2 - BHO: TChkBHO Class - {97EA6478-68A0-4239-8A60-7837E12F5D06} - C:\WINDOWS\SYSTEM32\ynoikqy.dll

O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/vet_install_popup.pl?1&04.00.04....
[/bold]

After fixes, post all three new logs.

tupham102 · Aug 25, 2006

here's the hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 8:38:52 PM, on 8/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Ontrack\SYSTEM~1\MXTask.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HjT\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http

://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http

://yahoo.sbc.com/dsl
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D

4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA

05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:

\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C

:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}

- C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: TChkBHO Class - {97EA6478-68A0-4239-8A60-7837E12F5D06} - C:

\WINDOWS\SYSTEM32\ynoikqy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F

7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:

\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:

\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C

:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:

\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl

.dll,NvStartup
O4 - HKLM\..\Run: [bwgqtgrj] C:\WINDOWS\System32\wmnmsv.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!

\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.

exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32

\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0

_08\bin\jusched.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0

\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1

\TEXTBR~1\Bin\REGIST~1.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program

files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Define - C:\Program Files\Common

Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:

\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program

Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-

AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D

5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-

000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-

006097DBED37} - C:\Program Files\Common Files\Microsoft

Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D

4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft

Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578}

- C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C

:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF

.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097

DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference

2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:

\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045

C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5

C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C

04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mng: c:\program files\internet

explorer\PLUGINS\NpHcd32.dll
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

- http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/

client/muweb_site.cab?1155761003250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control)

- https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy

Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/

installs/ydropper/ydropper1_6us.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:

\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology

Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO

EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.

exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development

a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11

\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System

32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:

\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SystemSuite Task Manager - Ontrack Data International -

C:\PROGRA~1\Ontrack\SYSTEM~1\MXTask.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates

International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1

.EXE
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32

\ZipToA.exe

tupham102 · Aug 25, 2006

here's the active scan report:

Incident Status Location

Adware:adware/clickalchemy Not disinfected c:\windows\inf\alchem.inf
Adware:adware/twain-tech Not disinfected c:\windows\inf\twaintec.inf
Adware:adware/gator Not disinfected c:\GatorPatch.log
Adware:adware/downloadware Not disinfected c:\windows\Digital Signature 20020514.htm
Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
Adware:adware/sidesearch Not disinfected Windows Registry
Adware:adware/otx Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/shoppingcommunity Not disinfected Windows Registry
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\bdeviewer.exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\cache\bdeclean.exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\cache\bdedetect1.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\npbdplay2.dll
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\2\Cookies\2@go[2].txt

Incident Status Location

Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\bdeviewer.exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\cache\bdeclean.exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\cache\bdedetect1.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\BDE\npbdplay2.dll

tupham102 · Aug 25, 2006

Here's the ewido log

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:13:20 PM 8/25/2006

+ Scan result:

C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1196\A0149943.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1196\A0149946.DLL -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1196\A0149947.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1196\A0149948.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1196\A0149949.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\BDE\cache\bdedetect1.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-1006\Software\Brilliant Digital Entertainment -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-1006\Software\Brilliant Digital Entertainment\PROJECTOR -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-1006\Software\Brilliant Digital Entertainment\PROJECTOR\GUI -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-1006\Software\Brilliant Digital Entertainment\PROJECTOR\casinosky -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-1006\Software\Brilliant Digital Entertainment\PROJECTOR\goldenstar_sky -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-1006\Software\Brilliant Digital Entertainment\PROJECTOR\goldenstar_sky\state -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
HKU\S-1-5-21-2346120412-3924064129-568730901-1006\Software\Brilliant Digital Entertainment\PROJECTOR\goldenstarsky -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1196\A0149951.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1196\A0149944.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1196\A0149945.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1196\A0149950.DLL -> Adware.IPInsight : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1196\A0149952.exe -> Adware.WurldMedia : Cleaned with backup (quarantined).
HKLM\SOFTWARE\FENX -> Dialer.Generic : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B.tmp -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Dana\Cookies\dana@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Dana\Cookies\dana@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Dana\Cookies\dana@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
C:\Documents and Settings\Dana\Cookies\dana@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq32.tmp -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37.tmp -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Dana\Cookies\dana@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\BDE\bdeviewer.exe -> Trojan.Krepper.y : Cleaned with backup (quarantined).

::Report end

tupham102 · Aug 25, 2006

By the way, I tried to add/remove that brilliant program thing but it's not on add/remove. so I tried to download this program http://www.enigmasoftware.com/affiliate3/link.php?ref=86&productid=4 but it wouldnt work. So what else can I do?

Niobis · Aug 26, 2006

Go here htt://www.ccleaner.com download Ccleaner.

Install and run both "Cleaner" ans "Issues" fix.

Then go here http://www.downloads.subratam.org/KillBox.zip and download KillBox.

Restart your computer in safe mode.
Open Killbox.exe.
Check "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines [bold]one at a time[/bold] then click on the button that has the red circle with the X in the middle after you enter each file.
You will be prompted to confirm, click Yes.

If KillBox prompts the files does not exist, just continue with others. Do not miss any.

[bold]c:\windows\inf\alchem.inf

c:\windows\inf\twaintec.inf

c:\GatorPatch.log

c:\windows\Digital Signature 20020514.htm

c:\windows\kwv2.dat

C:\BDE\bdeviewer.exe

C:\BDE\cache\bdeclean.exe

C:\BDE\cache\bdedetect1.dll

C:\BDE\npbdplay2.dll

C:\BDE\bdeviewer.exe

C:\BDE\cache\bdeclean.exe

C:\BDE\cache\bdedetect1.dll

C:\BDE\npbdplay2.dll[/bold]

Then, run another Active Scan, post the log. Post another HijackThis log.

Log in or Sign up

need help with spyware

tupham102 Member

Niobis Active member

tupham102 Member

tupham102 Member

tupham102 Member

tupham102 Member

Niobis Active member

Share This Page

Log in or Sign up

need help with spyware

tupham102 Member

Niobis Active member

tupham102 Member

tupham102 Member

tupham102 Member

tupham102 Member

Niobis Active member

Share This Page

Useful Searches