trojan-psw.win 32.lmir.agw

  1. #1
    Eileen (Newbie)

    My virus program detected the "trojan-psw.win 32.lmir.agw" virus last night. It said it was deleted. I have run scans from several different sources. How do I make sure that this isn't hidden somewhere in my machine? I would hate to have to reformat this computer again.

    Thanks................Eileen-Wisconsin

  2. #2
    Neal (Dedicated Member)
    Hi and welcome,

    Download the new version of hijackthis here:
    http://www.thatcomputerguy.us/downloads-cat4.html
    or here:
    http://majorgeeks.com/download3155.html

    Create a folder HJT such as C:\HJT or C:\Program Files\HJT. Copy or drag-and-drop the HijackThis program to the newly created folder. Then make or alter the shortcut to the HJT program.

    Notepad will open up and results of scan will be there, copy and paste that into your next reply. Thanks. Do not post it yet please.


    Make sure you can see hidden files/folders
    In Windows XP
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab.
    Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.
    After you're cleaned, please "rehide" them again.


    Please download, install, update and scan your system with the free version of Ewido trojan scanner: www.ewido.net/en/download/

    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    3. From the main ewido screen, click on UPDATE in the left menu, then click the Start update button.

    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.


    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.


    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.


    Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal.


    Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

  3. #3
    Eileen (Newbie)
    Scan saved at 11:08:37 PM, on 9/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Blue Security\bluefrog.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\MRU-Blaster\scheduler.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
    C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
    C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguiexe.exe
    C:\Program Files\Pinnacle\Instant PhotoAlbum\Programs\TitleDeko.exe
    C:\Program Files\InterVideo\WCreator2\WCreator.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Documents and Settings\HP_Owner\My Documents\hijack\hijackthis1991.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/index.php
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\prefs.j s)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Blue Frog] C:\Program Files\Blue Security\bluefrog.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: PCPitstop-Tracks-Checker - http://www.pcpitstop.com/privacy/PCPTracks.cab
    O16 - DPF: {0441781A-3075-4C8F-9FDB-A6BCAE8769A1} (vmLaunch Class) - http://videomail2.charter.net/vm/vmd...vmLauncher.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1121811021046
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - Unknown owner - C:\PROGRA~1\CHARTE~2\backweb\3528733\Program\SERVI C~1.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightSc

  4. #4
    Eileen (Newbie)
    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 5:05:59 AM, 9/17/2005
    + Report-Checksum: F204A682

    + Scan result:

    HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
    HKU\S-1-5-21-3666408397-1474273791-521751019-1009\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} -> Spyware.RXToolbar : Cleaned with backup
    HKU\S-1-5-21-3666408397-1474273791-521751019-1009\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289} -> Spyware.SmartShopper : Cleaned with backup
    HKU\S-1-5-21-3666408397-1474273791-521751019-1009\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKU\S-1-5-21-3666408397-1474273791-521751019-1009\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933} -> Spyware.MyWebSearch : Cleaned with backup
    HKU\S-1-5-21-3666408397-1474273791-521751019-1009\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{946B3E9E-E21A-49C8-9F63-900533FAFE14} -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-3666408397-1474273791-521751019-1009\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{E77EDA01-3C56-4A96-8D08-02B42891C169} -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-3666408397-1474273791-521751019-1009\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
    HKU\S-1-5-21-3666408397-1474273791-521751019-1009\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.117:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.118:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Profiles\default\dik9xdbe.slt\cookies .txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\HP_Owner\Cookies\hp_owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\HP_Owner\Cookies\hp_owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\hp_owner@com[2].txt -> Spyware.Cookie.C

  5. #5
    Neal (Dedicated Member)
    Your log is clean.

    The only thing I can see is that you have Ares, and it is bundled with spyware/adware.

    There are clean alternatives for this type of thing.

    I suggest you remove it from Add/Remove Programs.

    Fix this entry in HJT log with all windows closed before fixing:

    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

    Delete this folder also:

    C:\Program Files\Ares < folder

    Reboot. How is your computer running now?

    Let's do some junk cleaning while we are at it.

    Download CCleaner from here:
    http://www.majorgeeks.com/download4191.html
    or here:
    http://www.filehippo.com/download_ccleaner.html

    Install and run it. The Windows tab should be opened in the upper left of the program. Click Analyze and then click Run Cleaner. Just use the Windows tab that is up front by default.

    1. Uncheck "Cookies" under "Internet Explorer".

    2. If you are running Firefox, then click on the "Applications" tab and uncheck "Cookies" under "Firefox".

    Clean alternatives:

    http://www.spywareinfo.com/articles/p2p/#limewire
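
An added example, not part of the posts above and not HijackThis's own code: a small parser for the log format posted in this thread that lists the O4 autostart entries and returns the exact lines belonging to a named executable, so the line to tick can be matched against the log. The function names are hypothetical, and treating O23 services marked "(file missing)" as worth a look is an assumption of this example.

```python
import ntpath
import re
from collections import namedtuple

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/index.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

Entry = namedtuple("Entry", "code body raw")
Autorun = namedtuple("Autorun", "location name command exe raw")

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [ares] ..."
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry form: HKLM\..\Run: [value name] command line
REG_RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\[^:]+): \[([^\]]+)\] (.+)$")
# O4 startup-folder form: Startup: shortcut.lnk = target
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")
# Executable path: quoted, or unquoted up to the first program extension
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|dll))(?=\s|$)', re.I)


def parse_log(text):
    """Split a HijackThis log into (section code, body, raw line) entries."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if m:  # header and process-list lines carry no section code
            entries.append(Entry(m.group(1), m.group(2), line))
    return entries


def executable(command):
    """Return the program path from a command line, without its arguments."""
    m = EXE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else command


def autoruns(text):
    """Return every O4 (Run key / Startup folder) entry in the log."""
    found = []
    for e in parse_log(text):
        if e.code != "O4":
            continue
        m = REG_RUN_RE.match(e.body) or STARTUP_RE.match(e.body)
        if m:
            loc, name, cmd = m.groups()
            found.append(Autorun(loc, name, cmd, executable(cmd), e.raw))
    return found


def find_entries(text, exe_names):
    """Raw O4 lines whose program file name is in exe_names (case-insensitive)."""
    wanted = {n.lower() for n in exe_names}
    return [a.raw for a in autoruns(text)
            if ntpath.basename(a.exe).lower() in wanted]


def orphaned_services(text):
    """O23 service lines that HijackThis marked '(file missing)'."""
    return [e.raw for e in parse_log(text)
            if e.code == "O23" and e.body.endswith("(file missing)")]


if __name__ == "__main__":
    for a in autoruns(SAMPLE_LOG):
        print(f"{a.location:18} {a.name:18} {a.exe}")
    print(find_entries(SAMPLE_LOG, {"ares.exe"}))
    print(orphaned_services(SAMPLE_LOG))
```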

  6. #6
    Eileen (Newbie)
    Thanks, I installed CCleaner and it deleted some junk. Thanks for the help! But is there any way to prevent "yieldmanager" from entering my system, like a block program?
    Thanks, Eileen

  7. #7
    Neal (Dedicated Member)
    Look in the other Eileen post.
