
Startup Slow -s&dd/hijackthis Does Not Remove


27 replies to this topic

#1 bullma99

Posted 22 July 2007 - 02:49 PM

Hello everyone. I'm new here; however, I've followed the pre-troubleshooting steps before posting here.
Lately, I've noticed that my system takes approx. 2 minutes before CPU performance drops under 10%.
I currently use CCleaner and SpybotS&D as my routine weekly checkups. However, the recent lags have not been fixed with the mentioned utilities.
1) I ran MSconfig and checked all the startups.
2) I then went to the database search to review each startup and determined that the following were either not needed or trojans. See list:
Name            Filename        Status
ANIWZCSService  WZCSLDR.exe     ?
UpdReg          Updreg.exe      N
PDVDServ        PDVDServ.exe    U
RemoteControl   PDVDServe.exe   U
QuickTime       qttask.exe      X
ctfmon          cftmon.exe      X

3) I unchecked the box and rebooted, but the startups above duplicated themselves while still showing the ones I had unchecked.
4) Restarted in safe mode with network capability and followed the same procedure.
I also ran SpybotS&D, but this time decided to remove qttask.exe, UpdReg, PDVDServ, ctfmon.
5) Rebooted normally - MSconfig - Startup tab - and they are still showing.

So, my question is: how do I get rid of them, and did I select the right ones to get rid of? Per the database search, I determined I didn't need them, but I just need a 2nd opinion.
As for qttask.exe and ctfmon.exe, the database indicated that they were trojans, so these ones definitely need to go.

I hope I was clear.

Below are my HijackThis log file and startup log file.

Your assistance is greatly appreciated:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:16 PM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
D:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
D:\UTILITIES\PROCEXP\PROCEXP.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Utilities\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Creative Detector] d:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [AWMON] "D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Creative MediaSource Go] "D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [Ffjbgwf] C:\WINDOWS\system32\??stem\w?wexec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://bb.fccj.edu
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6721 bytes



StartupList report, 7/22/2007, 3:41:26 PM

StartupList version: 1.52.2
Started from : D:\Utilities\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16473)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
D:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
D:\UTILITIES\PROCEXP\PROCEXP.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Utilities\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTSysVol = D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MPFEXE = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
MPSExe = c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
VSOCheckTask = "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
VirusScan Online = C:\Program Files\McAfee.com\VSO\mcvsshld.exe
OASClnt = C:\Program Files\McAfee.com\VSO\oasclnt.exe
iTunesHelper = "D:\Program Files\iTunes\iTunesHelper.exe"
D-Link AirPlus Xtreme G = D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
ANIWZCSService = C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
P17Helper = Rundll32 P17.dll,P17Helper
UpdReg = C:\WINDOWS\UpdReg.EXE
RemoteControl = "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Creative Detector = d:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
AWMON = "D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
Creative MediaSource Go = "D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
Ffjbgwf = C:\WINDOWS\system32\??stem\w?wexec.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\windows\system32\ssmyst.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\mcafee.com\mps\mcbrhlpr.dll - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
(no name) - c:\program files\mcafee.com\mps\popupkiller.dll - {3EC8255F-E043-4cae-8B3B-B191550C2A22}
(no name) - D:\UTILIT~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft ProgressBar Control, version 5.0 (SP2)]
InProcServer32 = C:\WINDOWS\system32\COMCTL32.OCX
CODEBASE = http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\windows\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE = http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
CODEBASE = http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

[Office Update Installation Engine]
InProcServer32 = C:\windows\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc4.cab

[Shockwave Flash Object]
InProcServer32 = C:\windows\system32\Macromed\Flash\Flash9c.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\windows\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 7,456 bytes
Report generated in 0.032 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



#2 rookie147


Posted 23 July 2007 - 04:46 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Those startup entries you listed are legitimate programs, not trojans, so they do not need deleting. There are, however, signs of another infection that needs dealing with, so we will run a Combofix scan.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Please post back both the Combofix log and a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 bullma99


Posted 23 July 2007 - 11:15 PM

Hi Charles,
Thanks for taking the time to review my log file.
I followed your instructions, but before I paste the results, I was wondering why the programs I had indicated (two of them) were not considered "trojans". The database search assigned an "X" in red, warning of a virus, i.e.: qttask.exe X and cftmon.exe X.

After you review the log, can you please expand on why it has an X and is not considered a "trojan"?

Anyway, attached is the ComboFix log along with a new HijackThis log file.
Again, thank you in advance.

Sincerely,


Oscar aka bullma99

..
"Oscar" - 2007-07-23 23:52:37 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\fnts~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\wnstsit.exe


((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))


2007-07-23 23:52 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 04:03 <DIR> d--h----- C:\WINDOWS\PIF
2007-07-19 23:09 <DIR> d-------- C:\DOCUME~1\OSCAR~1.HOM\APPLIC~1\EPSON
2007-07-16 23:34 <DIR> d-------- C:\DOCUME~1\ADMINI~1.HOM\APPLIC~1\Lavasoft
2007-07-16 23:19 <DIR> d-------- C:\DOCUME~1\ADMINI~1.HOM\APPLIC~1\Talkback
2007-07-14 02:30 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-14 02:30 249,856 --------- C:\WINDOWS\Setup1.exe
2007-06-30 00:43 <DIR> d-------- C:\Program Files\Skype
2007-06-30 00:43 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-06-28 18:54 <DIR> d-------- C:\DOCUME~1\OSCAR~1.HOM\APPLIC~1\Smart Panel
2007-06-28 18:50 98,304 -ra------ C:\WINDOWS\StiRegstEng.dll
2007-06-28 18:50 78,608 --a------ C:\WINDOWS\system32\Vb5db.dll
2007-06-28 18:50 385,024 --a------ C:\WINDOWS\system32\Vbar332.dll
2007-06-28 18:49 73,810 --a------ C:\WINDOWS\system32\rapi.dll
2007-06-28 18:49 430,080 --a------ C:\WINDOWS\system32\Msrepl35.dll
2007-06-28 18:49 41,044 --a------ C:\WINDOWS\system32\ceutil.dll
2007-06-28 18:49 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-06-28 18:49 294,912 --a------ C:\WINDOWS\system32\Msxbse35.dll
2007-06-28 18:49 262,144 --a------ C:\WINDOWS\system32\Msrd2x35.dll
2007-06-28 18:49 262,144 --a------ C:\WINDOWS\system32\Msexcl35.dll
2007-06-28 18:49 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2007-06-28 18:49 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-06-28 18:49 176,128 --a------ C:\WINDOWS\system32\Mstext35.dll
2007-06-28 18:49 166,160 --a------ C:\WINDOWS\system32\msltus35.dll
2007-06-28 18:49 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
2007-06-28 18:49 1,056,768 --a------ C:\WINDOWS\system32\Msjet35.dll
2007-06-28 18:49 <DIR> d-------- C:\Program Files\NewSoft
2007-06-28 18:48 708,696 --a------ C:\WINDOWS\system32\python21.dll
2007-06-28 18:48 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2007-06-28 18:48 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
2007-06-28 18:48 <DIR> d-------- C:\Program Files\Common Files\Python
2007-06-28 18:48 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-06-28 18:46 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-06-28 18:46 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-06-28 18:46 3,136 --a------ C:\WINDOWS\Ade001.bin
2007-06-28 18:46 <DIR> d-------- C:\Program Files\Smart Panel
2007-06-28 18:45 64,000 --a------ C:\WINDOWS\system32\ESFW30.BIN
2007-06-28 18:45 278,528 --a------ C:\WINDOWS\system32\esint30.dll
2007-06-28 18:45 217,088 --a------ C:\WINDOWS\system32\ESDTR.dll
2007-06-28 18:45 176,128 --a------ C:\WINDOWS\system32\ESWIA30.dll
2007-06-28 18:45 <DIR> d-------- C:\Program Files\EPSON
2007-06-28 18:15 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-24 09:38 <DIR> d-------- C:\Program Files\TryMedia


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 03:48:10 -------- d-----w C:\DOCUME~1\OSCAR~1.HOM\APPLIC~1\Skype
2007-07-01 17:59:36 -------- d-----w C:\DOCUME~1\OSCAR~1.HOM\APPLIC~1\Nvu
2007-06-30 05:48:15 983 ----a-w C:\WINDOWS\mozver.dat
2007-06-28 22:48:41 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-24 13:41:08 -------- d-----w C:\Program Files\Yahoo!
2007-05-30 04:10:10 -------- d-----w C:\DOCUME~1\OSCAR~1.HOM\APPLIC~1\Ahead
2007-05-27 16:04:38 -------- d-----w C:\Program Files\Google
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2005-05-13 22:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 16:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 02:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-08 00:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 17:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 05:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 15:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 18:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 05:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
"MPFEXE"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 14:31]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"D-Link AirPlus Xtreme G"="D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 17:00]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 16:12]
"P17Helper"="P17.dll" [2005-05-02 23:38 C:\WINDOWS\system32\P17.dll]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="d:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"AWMON"="D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 13:12]
"Creative MediaSource Go"="D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2004-11-30 11:00]
"Ffjbgwf"="C:\WINDOWS\system32\??stem\w?wexec.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCSService]
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ANIWZCSService"=C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

R0 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\WINDOWS\system32\DRIVERS\sbp2port.sys
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R0 uagp35;Microsoft AGPv3.5 Filter;C:\WINDOWS\system32\DRIVERS\uagp35.sys
R1 mnmdd;mnmdd;C:\WINDOWS\system32\drivers\mnmdd.sys
R1 MPFIREWL;MPFIREWL;C:\WINDOWS\system32\Drivers\MpFirewall.sys
R1 Npfs;Npfs;C:\WINDOWS\system32\drivers\Npfs.sys
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment;C:\WINDOWS\system32\drivers\ws2ifsl.sys
R2 ANIO;ANIO Service;\??\C:\WINDOWS\system32\ANIO.SYS
R2 lanmanserver;Server;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 lanmanworkstation;Workstation;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R2 winmgmt;Windows Management Instrumentation;C:\WINDOWS\system32\svchost.exe -k netsvcs
R3 NaiAvFilter1;NaiAvFilter1;C:\WINDOWS\system32\drivers\naiavf5x.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;C:\WINDOWS\system32\drivers\wdmaud.sys
S3 61883;61883 Unit Device;C:\WINDOWS\system32\DRIVERS\61883.sys
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys
S3 Avc;AVC Device;C:\WINDOWS\system32\DRIVERS\avc.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 mnmsrvc;NetMeeting Remote Desktop Sharing;C:\WINDOWS\system32\mnmsrvc.exe
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys


Contents of the 'Scheduled Tasks' folder
2007-06-15 14:31:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 23:54:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000003a7

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-23 23:55:46
C:\ComboFix-quarantined-files.txt ... 2007-07-23 23:55

--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:07 AM, on 7/24/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
D:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Utilities\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Creative Detector] d:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [AWMON] "D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Creative MediaSource Go] "D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [Ffjbgwf] C:\WINDOWS\system32\??stem\w?wexec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://bb.fccj.edu
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6854 bytes

#4 rookie147

Posted 24 July 2007 - 04:00 AM

Hello there,
The filenames you listed are used both by malware trying to look like a legitimate program, and the legitimate ones themselves. You will see, for example, that in our 'Startup List' there are three entries for qttask.exe, only one of which is bad, and therefore marked with an X. The "names" of these three entries (which are found under the Names column) are different, so you need to know the name of the entry before we can determine whether it is good or bad. If we take a look at your HijackThis log, we will see the following two entries:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


If we look back on the qttask.exe page, we will see that the one with the name QuickTime Task is the legitimate one.
Now, the ctfmon.exe entry is a little harder, because according to our 'Startup List', there are two different entries which have both the 'Name' and 'Filename' exactly the same; this often causes confusion. Now in this instance, the location of the file is the giveaway - your version is located in C:\WINDOWS\system32, whilst a malware version would be located elsewhere. This is the only way that we know this entry is legitimate, and is also very confusing.

I hope I've cleared that up a little, and explained it in such a way that it makes sense. On with the fix ... :thumbsup:

Scan again with HijackThis and put a checkmark next to the following entry (if present):

O4 - HKCU\..\Run: [Ffjbgwf] C:\WINDOWS\system32\??stem\w?wexec.exe


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Please reboot your computer, and then let me know how things seem to be running at the moment; are you having any more malware-related problems?
Thanks,
Charles



#5 bullma99

Posted 24 July 2007 - 08:16 PM

1) I followed the last instructions. After re-running HijackThis, placed a check mark on the item O4 - HKCU\..\Run: [Ffjbgwf] C:\WINDOWS\system32\??stem\w?wexec.exe
2) rebooted.
3) startup is extremely slow - I believe it is even worse. As the startup continues while system lags, I manage to get to task mngr - CPU performance tab is at 100%/graph in red. Eventually dies down and goes to normal.

Below is my updated log along with startup log.

Again, thanks for bearing w/me.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:10:35 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\Rundll32.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
D:\Utilities\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Creative Detector] d:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [AWMON] "D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Creative MediaSource Go] "D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ffjbgwf] C:\WINDOWS\system32\??stem\w?wexec.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://bb.fccj.edu
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6853 bytes


StartupList report, 7/24/2007, 9:11:03 PM
StartupList version: 1.52.2
Started from : D:\Utilities\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16473)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\Rundll32.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
D:\Utilities\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTSysVol = D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MPFEXE = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
MPSExe = c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
VSOCheckTask = "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
VirusScan Online = C:\Program Files\McAfee.com\VSO\mcvsshld.exe
OASClnt = C:\Program Files\McAfee.com\VSO\oasclnt.exe
iTunesHelper = "D:\Program Files\iTunes\iTunesHelper.exe"
D-Link AirPlus Xtreme G = D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
ANIWZCSService = C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
P17Helper = Rundll32 P17.dll,P17Helper
RemoteControl = "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
UpdReg = C:\WINDOWS\UpdReg.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Creative Detector = d:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
AWMON = "D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
Creative MediaSource Go = "D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Ffjbgwf = C:\WINDOWS\system32\??stem\w?wexec.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[optionalcomponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

[0001]
*FixWareOut = C:\WINDOWS\system32\cmd.exe /c C:\fixwareout\FindT\XP-2K2.cmd

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\mcafee.com\mps\mcbrhlpr.dll - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
(no name) - c:\program files\mcafee.com\mps\popupkiller.dll - {3EC8255F-E043-4cae-8B3B-B191550C2A22}
(no name) - D:\UTILIT~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft ProgressBar Control, version 5.0 (SP2)]
InProcServer32 = C:\WINDOWS\system32\COMCTL32.OCX
CODEBASE = http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\windows\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE = http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
CODEBASE = http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

[Office Update Installation Engine]
InProcServer32 = C:\windows\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc4.cab

[Shockwave Flash Object]
InProcServer32 = C:\windows\system32\Macromed\Flash\Flash9c.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\windows\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 7,843 bytes
Report generated in 0.016 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#6 rookie147

Posted 25 July 2007 - 03:25 AM

Hello again,
That entry has not gone from your HijackThis log, so please try the following:

Please download AVG Anti-Spyware to your Desktop.
Start the set-up program by double clicking the installer.
Follow the on screen instructions to install the program, making sure that "Launch AVG Anti-Spyware" is checked.
Click the Update tab then select Start update; a progress bar will show the updates being installed.
Now press the Scanner icon, and click the Settings tab.
Click Recommended actions, then set it to Quarantine.
Close the program now, we will scan with it later on.

Reboot into Safe Mode and fix the entry with HijackThis:

O4 - HKCU\..\Run: [Ffjbgwf] C:\WINDOWS\system32\??stem\w?wexec.exe

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

Backup the Registry:
Navigate to Start | Run and paste the following:
regedit /e c:\registrybackup.reg
Now click OK
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!)

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ffjbgwf"=-

Save this as fix.reg. Choose to save as *all files and place it on your Desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.

Then delete the following folder:

C:\WINDOWS\system32\??stem
The two question marks will be strange-looking symbols, that make the folder name look like "system".

Launch AVG Anti-Spyware by double clicking the icon on your Desktop.
Press the Scanner icon.
Then click on the Complete System Scan button.
If any infections are found, you will be asked for an action; select Apply all actions.
Now press the Reports icon at the top.
Choose Save report as and save the text file to your Desktop.
Please post this log in your next reply.

Reboot back into Normal Mode again and post a new HijackThis log along with the AVG report.
We will sort out the slowdown you are experiencing later, this may be a result of malware, so I want to tackle and remove it all first before we use other methods to speed up your PC.
Thanks,
Charles

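The checks rookie147 describes in the two replies above (a familiar filename is judged by its entry name and folder, and the "?" in a logged path stands for characters the log could not render), as an added Python example that is not part of the original posts or of HijackThis. The two lookup tables hold only the cases stated in this thread, and the lines marked constructed, including the lookalike folder name, are made up for illustration.

```python
import re
import unicodedata
from ntpath import basename, dirname  # Windows path rules on any OS

# O4 line layout as it appears in the logs in this thread:
#   O4 - HKCU\..\Run: [EntryName] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Only the two cases the thread states; a real check would be fed from a
# startup database. Folders are compared literally, so an 8.3 short path
# (PROGRA~1) would need expanding first.
EXPECTED_DIR = {"ctfmon.exe": r"c:\windows\system32"}
EXPECTED_NAME = {"qttask.exe": "quicktime task"}


def executable_of(cmd):
    """Return the program path from a Run value, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces: take everything up to the first
    # executable extension that is followed by whitespace or end of line.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(line):
    """Parse one O4 line and attach review flags; None for other lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe = executable_of(m["cmd"])
    fname, folder = basename(exe).lower(), dirname(exe).lower()
    flags = []
    # "?" is not legal in a Windows file name, so in a logged path it can
    # only be a stand-in for a character the log could not display.
    if any(c == "?" or ord(c) > 127 for c in exe):
        flags.append("unrenderable-or-non-ascii-path")
    if fname in EXPECTED_DIR and folder != EXPECTED_DIR[fname]:
        flags.append("system-filename-outside-expected-folder")
    if fname in EXPECTED_NAME and m["name"].lower() != EXPECTED_NAME[fname]:
        flags.append("filename-under-unlisted-entry-name")
    return {"hive": m["hive"], "name": m["name"], "exe": exe, "flags": flags}


def flagged(lines):
    """Keep only the O4 entries that raised at least one flag."""
    return [r for r in map(triage, lines) if r and r["flags"]]


def codepoints(text):
    """Name every non-ASCII character, to tell a lookalike folder from the real one."""
    return [(f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
            for c in text if ord(c) > 127]


# Lines copied from the HijackThis log posted in this thread.
THREAD_LINES = [
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [Ffjbgwf] C:\WINDOWS\system32\??stem\w?wexec.exe",
]

# Constructed lines (not from the thread): same filenames, wrong folder or name.
CONSTRUCTED_LINES = [
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\ctfmon.exe",
    r'O4 - HKLM\..\Run: [Media Helper] "C:\Program Files\QuickTime\qttask.exe"',
]

# Constructed folder name that renders like "system"; the thread does not
# say which characters the real folder used.
LOOKALIKE_FOLDER = "\u0455\u0443stem"

if __name__ == "__main__":
    for r in flagged(THREAD_LINES + CONSTRUCTED_LINES):
        print(r["hive"], r["name"], r["exe"], r["flags"])
    print(codepoints(LOOKALIKE_FOLDER))
```

Running `codepoints` over each name in a directory listing of C:\WINDOWS\system32 is one way to locate a folder that looks like "system" but cannot be typed from the keyboard.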


#7 bullma99

Posted 25 July 2007 - 10:31 PM

Hi Charles,
I downloaded AVG
Reboot safe mode
fix the entry as indicated with HiJackThis
Regedit steps followed, however, this time I was not able to locate the ??stem folder. I followed the path C:\Windows\System32\ but not ??stem.
..
Launch AVG/ran as indicated.
here is the report:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:16:34 PM 7/25/2007

+ Scan result:



F:\Drive(G)\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned.
F:\System Volume Information\_restore{75694ADB-ECFD-4D63-BDD9-E2790D8CDA26}\RP309\A0032773.vxd/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned.
F:\System Volume Information\_restore{75694ADB-ECFD-4D63-BDD9-E2790D8CDA26}\RP309\A0032773.vxd/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned.
F:\System Volume Information\_restore{75694ADB-ECFD-4D63-BDD9-E2790D8CDA26}\RP309\A0032773.vxd/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned.
F:\System Volume Information\_restore{75694ADB-ECFD-4D63-BDD9-E2790D8CDA26}\RP309\A0032773.vxd/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned.
F:\System Volume Information\_restore{75694ADB-ECFD-4D63-BDD9-E2790D8CDA26}\RP309\A0032773.vxd/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned.
F:\System Volume Information\_restore{75694ADB-ECFD-4D63-BDD9-E2790D8CDA26}\RP309\A0032772.exe -> Adware.Clipgenie : Cleaned.
F:\System Volume Information\_restore{75694ADB-ECFD-4D63-BDD9-E2790D8CDA26}\RP309\A0032773.vxd/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Exact : Cleaned.
F:\Drive(G)\Program Files\MemoryWatcher\TrayIcon.ocx -> Adware.MemoryWatche : Cleaned.
F:\Drive(G)\WINDOWS\NDNuninstall4_50.exe -> Adware.NewDotNet : Cleaned.
F:\System Volume Information\_restore{75694ADB-ECFD-4D63-BDD9-E2790D8CDA26}\RP308\A0032763.exe -> Adware.PurityScan : Cleaned.
F:\Drive(G)\Program Files\AWS\WeatherBug\Weather.exe -> Adware.WeatherBug : Cleaned.
F:\System Volume Information\_restore{75694ADB-ECFD-4D63-BDD9-E2790D8CDA26}\RP309\A0032773.vxd/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned.
F:\Drive(G)\Program Files\Encompass\EncDial.exe -> Heuristic.Win32.Dialer : Cleaned.
:mozilla.172:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.81:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.82:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.83:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.84:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.85:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.86:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.87:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.65:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.121:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.136:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.38:C:\Documents and Settings\Alejandro\Application Data\Mozilla\Firefox\Profiles\mteqcqfo.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.222:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.90:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.194:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Oscar.HOME2ACEVEDO\Cookies\oscar@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.198:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.205:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Oscar.HOME2ACEVEDO\Cookies\oscar@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Oscar.HOME2ACEVEDO\Cookies\oscar@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.15:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.19:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.20:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.340:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.341:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.342:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.343:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Oscar.HOME2ACEVEDO\Cookies\oscar@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\Oscar.HOME2ACEVEDO\Cookies\oscar@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Oscar.HOME2ACEVEDO\Cookies\oscar@search.techrepublic.com[2].txt -> TrackingCookie.Com : Cleaned.
F:\Oscar\Cookies\oscar@com[1].txt -> TrackingCookie.Com : Cleaned.
F:\Oscar\Cookies\oscar@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.157:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.8:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.349:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.350:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.351:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.14:C:\Documents and Settings\Alejandro\Application Data\Mozilla\Firefox\Profiles\mteqcqfo.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.22:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\anyuser@e-2dj6wjmikpcpgdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\anyuser@e-2dj6wjmisgc5kgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@e-2dj6wfkiclcjwcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@e-2dj6wfl4coazkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@e-2dj6wjkoqocjcaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@e-2dj6wjlisodzwkq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@e-2dj6wjliwnczakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.204:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.256:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.132:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.24:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.25:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.58:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.59:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.397:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.101:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.102:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.19:C:\Documents and Settings\Alejandro\Application Data\Mozilla\Firefox\Profiles\mteqcqfo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.20:C:\Documents and Settings\Alejandro\Application Data\Mozilla\Firefox\Profiles\mteqcqfo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.236:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.237:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.242:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\anyuser@ehg-comcast.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\anyuser@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@ehg-comcast.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@ehg-traderpublishing.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.115:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.116:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.249:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Info : Cleaned.
:mozilla.250:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Info : Cleaned.
:mozilla.783:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.248:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.275:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.276:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.37:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.39:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.40:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Live : Cleaned.
F:\Oscar\Cookies\oscar@search.live[2].txt -> TrackingCookie.Live : Cleaned.
:mozilla.221:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.784:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.766:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.14:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.21:C:\Documents and Settings\Alejandro\Application Data\Mozilla\Firefox\Profiles\mteqcqfo.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.96:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.97:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\anyuser@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.790:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.791:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.154:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.155:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.156:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.241:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.546:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.547:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.548:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.558:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.73:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.871:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\anyuser@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.128:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.129:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.130:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.131:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.33:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.34:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.35:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\Alejandro\Application Data\Mozilla\Firefox\Profiles\mteqcqfo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\Alejandro\Application Data\Mozilla\Firefox\Profiles\mteqcqfo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.39:C:\Documents and Settings\Alejandro\Application Data\Mozilla\Firefox\Profiles\mteqcqfo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.567:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.568:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.569:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.113:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.114:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.88:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.89:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@real[1].txt -> TrackingCookie.Real : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.
:mozilla.592:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.593:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.79:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.80:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.598:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.105:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.106:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.73:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.74:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.75:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.76:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.77:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
F:\Oscar\Cookies\oscar@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.371:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.372:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.47:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.48:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.49:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.50:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.51:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.52:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.209:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.210:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.6:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.9:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.177:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.211:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.212:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.213:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.214:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.215:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.216:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.217:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.218:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Oscar.HOME2ACEVEDO\Cookies\oscar@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Oscar.HOME2ACEVEDO\Cookies\oscar@adopt.specificclick[3].txt -> TrackingCookie.Specificclick : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.435:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.436:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.801:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.264:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.107:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.108:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.109:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.195:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.196:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.197:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.716:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.140:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.141:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.663:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.664:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.665:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.666:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.667:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.668:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.669:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.56:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.57:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.169:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.170:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.770:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Oscar.HOME2ACEVEDO\Cookies\oscar@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Oscar.HOME2ACEVEDO\Cookies\oscar@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
F:\Oscar\Cookies\oscar@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.111:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.17:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yinllbpz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.158:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.159:C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\dquz0l44.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.181:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.182:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.183:C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\kg41yy2t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
F:\Drive(G)\WINDOWS\Cookies\michael e. henly@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\wnstsit.exe.vir -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{75694ADB-ECFD-4D63-BDD9-E2790D8CDA26}\RP315\A0034407.exe -> Trojan.Small : Cleaned.


::Report end

#8 rookie147

Posted 26 July 2007 - 02:51 AM

Could I have the new HijackThis log, please?

If you are pleased with the service I have offered, you may like to consider making a donation.


#9 bullma99

Posted 26 July 2007 - 05:14 PM

Sorry about that.
Here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:30 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
F:\Oscar\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
D:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\Rundll32.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Utilities\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Creative Detector] d:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [AWMON] "D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Creative MediaSource Go] "D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ffjbgwf] C:\WINDOWS\system32\??stem\w?wexec.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://bb.fccj.edu
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Oscar\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6975 bytes

#10 rookie147

Posted 27 July 2007 - 03:36 AM

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Registry values to delete:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Ffjbgwf


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply, along with a new HijackThis log



#11 bullma99

Posted 28 July 2007 - 10:21 PM

I'm not able to complete the next step.
I downloaded avenger to desktop as instructed.
Copy/paste the script: HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Ffjbgwf
However, when I click the green light, I get the following error:
"Error: selected file does not appear to be a valid script"
I press "OK"
Then I get another window display: Press OK to log error and continue or cancel to abort
I press "Ok"
I get another error message: "Error code: 0" Ok

#12 rookie147

Posted 29 July 2007 - 03:43 AM

Did you include the "Registry values to delete:" bit when you copied and pasted the script?



#13 bullma99

Posted 29 July 2007 - 04:16 AM

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKCU\Software\Microsoft\Windows\CurrentVersion\Run |Ffjbgwf


Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dbcjtilx

*******************

Script file located at: \??\C:\lxcyrvds.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ksfmklsh

*******************

Script file located at: \??\C:\WINDOWS\system32\hybsupry.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at c:\Avenger

*******************

Beginning to process script file:


Completed script processing.

*******************

Finished! Terminate.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:31 AM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
F:\Oscar\Desktop\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
D:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Utilities\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKCU\..\Run: [AWMON] "D:\Utilities\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Creative Detector] d:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Ffjbgwf] C:\WINDOWS\system32\??stem\w?wexec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://bb.fccj.edu
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Oscar\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6573 bytes
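
As an added example (not part of the thread, and not output of HijackThis or The Avenger): a Python check that parses O4 startup lines taken from the two HijackThis logs above, flags the HKCU Run value targeted in post #10 by the '?' characters in its path, and confirms by registry value rather than by line order that it is still present on 29 July. The function names and the trimmed sample input are constructed for this illustration.

```python
import re

# Constructed input: a few O4 lines copied from the 26 July and 29 July
# HijackThis logs in this thread (trimmed; order kept as posted).
LOG_26_JULY = r"""
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ffjbgwf] C:\WINDOWS\system32\??stem\w?wexec.exe
"""
LOG_29_JULY = r"""
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Ffjbgwf] C:\WINDOWS\system32\??stem\w?wexec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)


def parse_o4(log_text):
    """Map (hive, key, value name) -> command for every O4 registry autorun line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            entries[(m["hive"], m["key"], m["name"])] = m["cmd"]
    return entries


def exe_path(cmd):
    """Return the program part of a Run command, without its arguments."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def unrenderable_path(entries):
    """Entries whose program path contains '?'.

    '?' is not a legal character in a Windows file name, so in a log it marks
    a character the tool could not print (assumed here: a non-ANSI character).
    """
    return sorted(k for k, cmd in entries.items() if "?" in exe_path(cmd))


def compare(before, after):
    """Compare two parsed logs by registry value, not by line order."""
    return {
        "removed": sorted(before.keys() - after.keys()),
        "added": sorted(after.keys() - before.keys()),
        "still_flagged": [k for k in unrenderable_path(before) if k in after],
    }


if __name__ == "__main__":
    before, after = parse_o4(LOG_26_JULY), parse_o4(LOG_29_JULY)
    for key in unrenderable_path(before):
        print("flagged:", key, before[key])
    print(compare(before, after))
```
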

#14 rookie147

Posted 29 July 2007 - 03:13 PM

It looks like you entered the script without a space:
"Line: HKCU\Software\Microsoft\Windows\CurrentVersion\Run |Ffjbgwf"
There should be a space between the '|' and 'Ffjbgwf'



#15 bullma99

Posted 04 August 2007 - 12:25 PM

Every time I post the script as indicated, I get this message:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Ffjbgwf


I do paste the registry as this:
Registry values to delete:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Ffjbgwf



