VIRUS HELP!!!!!

Discussion in 'Windows - Virus and spyware problems' started by Jaskol, Aug 9, 2006.

  1. Jaskol

    Jaskol Member

    Joined:
    Aug 9, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Hi -

    I seem to have become infected with some sort of virus/trojan etc. I've done all I can by reading other forums including running Spybot, Adaware, Norton Antivirus 2005, Ewido 1.4 and a number of trojan remover utilities including Vundofix and Smitfraud fix. Unfortunately, I still seem to have a problem. I'm no longer getting hijacked but Norton regularly pops a window saying that it's detected a trojan.dialer that it can't delete.

    Any help would be much appreciated! Below is my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:38:12 PM, on 09/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Motive\AsstCommon\motmon.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Common Files\{B04345A7-069E-1033-1010-020209250002}\Update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Fujitsu Service Assistant\bin\mad.exe
    C:\Program Files\Fujitsu Service Assistant\bin\mpbtn.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\CCleaner\ccleaner.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.utoronto.ca:8080
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\AsstCommon\motmon.exe
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunOnce: [Panda_cleaner_298501] C:\WINDOWS\system32\ActiveScan\pavdr.exe xPanda ActiveScan 298501
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Fujitsu Service Assistant.lnk = C:\Program Files\Fujitsu Service Assistant\bin\matcli.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/99...W/win/019-0123.20031218.zes4d/iTunesSetup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128958329541
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
    O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
    O20 - AppInit_DLLs: C:\WINDOWS\system32\notepad.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winasd32 - C:\WINDOWS\SYSTEM32\winasd32.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
    O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
    O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Thanks a lot.

    - Jeff
     
    Jaskol, Aug 9, 2006
    #1
  2. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Run Ewdio and Spybot in [bold]safe mode[/bold](press F8 upon boot, select "Safe Mode" from menu). Ewido will rid the dialer.
     
    Niobis, Aug 9, 2006
    #2
  3. Jaskol

    Jaskol Member

    Joined:
    Aug 9, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    I've already done that (sorry, I didn't state that in my initial post), but I still have the trojan...
     
    Jaskol, Aug 9, 2006
    #3
  4. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Post an Ewido log. Let's see what kind of dialer it is.
     
    Niobis, Aug 9, 2006
    #4
  5. Jaskol

    Jaskol Member

    Joined:
    Aug 9, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Panda active scan log:

    Incident Status Location

    Potentially unwanted tool:application/sysprotect Not disinfected hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bravenet[2].txt
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Cookies\owner@maxserving[2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\owner@target[1].txt
    Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tucows[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\sara gray@adrevolver[1].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Cookies\sara gray@apmebf[1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\sara gray@atwola[2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\sara gray@belnk[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\sara gray@dist.belnk[2].txt
    Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Owner\Cookies\sara gray@lb1.netster[1].txt
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Cookies\sara gray@maxserving[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\sara gray@realmedia[2].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Cookies\sara gray@xiti[1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\My Documents\Virus cleaning\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\My Documents\Virus cleaning\VirtumundoBeGone.exe[²ƒÇ]
    Spyware:Spyware/Conducent-Timesink

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 8:23:28 PM 07/08/2006

    + Scan result:



    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AFUFI9IB\SysProtectScannerInstall[1].cab/USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WLYZODQR\!update-4095[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\WіnSxS\rundll.exe -> Downloader.PurityScan.cu : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3GNCAEXD\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\O5U3WTE3\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\WINDOWS\system32\components\flx6.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Ignored.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@bellglobemediapublishing.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@cratebarrel.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@efashionsolutions.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@genentech.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@imc2.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@journalregistercompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@thestar.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@e-2dj6wjk4emd5kbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@e-2dj6wjkowmcjmgq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@e-2dj6wjkyaocjglq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@e-2dj6wjmichajwfq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@ehg-aha.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@ehg-microsoft.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@ehg-nestlewaters.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@ehg-shanken.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@overture[2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@c1.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\Owner\Desktop\OBP5Backup.Sara Gray.2006-05-29.21-28.opz/^IE Data^/C/sara gray@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KL23OLA7\srvlii[1].exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WLYZODQR\srvnsa[1].exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\win320.tmp -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\win319.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\win320.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).


    ::Report end

    Thanks...
     
    Jaskol, Aug 10, 2006
    #5
  6. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    you ignored certain things with Ewido. by accident maybe.
    Make sure evything is set to Quarantine or delete




     
    Last edited: Aug 10, 2006
    maca1, Aug 10, 2006
    #6

Share This Page