
Win Fixer Help Hijackthis Log Posted


  • This topic is locked
12 replies to this topic

#1 magurgle

Posted 25 January 2006 - 07:57 PM

I am at my mother's house, helping with their computer. They have 4 active users, my mom and my three teenage siblings. I feel sorry for this computer :thumbsup: I do what I can on my weekly visits to keep it running as best I can, but my limited ability has met its match. I have just installed Firefox for them to use instead of IE. I have been unable to remove win fixer 2006 and some other malware.

Here is the HijackThis log.
Thank you in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 7:48:15 PM, on 1/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TizzleTalk\TizzleTalk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\bama\tlii.exe
C:\WINDOWS\system32\w?nspool.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tc3net.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TC3Net Internet Explorer
R3 - URLSearchHook: (no name) - {E594344F-82D7-FC2A-F038-FBEA16BE7A9D} - C:\WINDOWS\system32\zihued.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {43D52D46-CE8D-E326-F51A-EC2B5A9AD892} - C:\WINDOWS\system32\mlw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {60E763E7-8A23-A4D0-0591-F14A3C8CA8C3} - C:\WINDOWS\system32\ogmj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\jkhhh.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: (no name) - {DE2A3D20-D7E4-AB19-C71C-FCBAA3351393} - C:\WINDOWS\system32\ijhlm.dll
O2 - BHO: (no name) - {E594344F-82D7-FC2A-F038-FBEA16BE7A9D} - C:\WINDOWS\system32\zihued.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TizzleTalk] C:\Program Files\TizzleTalk\TizzleTalk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt tzt
O4 - HKCU\..\Run: [Gbe] C:\WINDOWS\system32\w?nspool.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk572YYUS
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?bf987c3124e8411aa1b6e4f1c58f7f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?bf987c3124e8411aa1b6e4f1c58f7f
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .aif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .WAV: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll
O20 - Winlogon Notify: ssqpm - ssqpm.dll (file missing)
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE



#2 Daemon

    Security Expert



Posted 26 January 2006 - 02:56 AM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.


Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#3 Daemon


Posted 03 February 2006 - 01:32 AM

Due to inactivity this topic will be closed.

If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.

#4 Daemon


Posted 03 February 2006 - 02:22 AM

Re-opened at user's request - next reply due Feb 5.

#5 magurgle


Posted 05 February 2006 - 05:51 PM

VundoFix V4.2.22
Scan started at 5:40:11 PM 2/5/2006

Listing files found while scanning....

C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\hhhkj.tmp
C:\WINDOWS\system32\ssqpm.dll

C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.tmp
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.tmp
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\jkhhh.dll
Attempting to delete C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\jkhhh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\hhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hhhkj.tmp
C:\WINDOWS\system32\hhhkj.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\jkhhh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\ssttt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\jkhhh.dll Could not be deleted.

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 5:47:37 PM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TizzleTalk\TizzleTalk.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\w?nspool.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\bama\tlii.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tc3net.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TC3Net Internet Explorer
R3 - URLSearchHook: (no name) - {8D79343D-D1AB-A552-D7E8-A60FA89619CA} - C:\WINDOWS\system32\mcc.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {882E3339-89A9-A400-DDE8-A60FA89619CA} - C:\WINDOWS\system32\nwtrilvo.dll
O2 - BHO: (no name) - {8D79343D-D1AB-A552-D7E8-A60FA89619CA} - C:\WINDOWS\system32\mcc.dll
O2 - BHO: (no name) - {BD15233E-9AA0-EE05-D05D-B83ECB207B99} - C:\WINDOWS\system32\tfk.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: (no name) - {D97C3068-85FF-A75B-80E8-A60FA8964FCC} - C:\WINDOWS\system32\vjbzudo.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TizzleTalk] C:\Program Files\TizzleTalk\TizzleTalk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Gbe] C:\WINDOWS\system32\w?nspool.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt tzt
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk572YYUS
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?bf987c3124e8411aa1b6e4f1c58f7f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?bf987c3124e8411aa1b6e4f1c58f7f
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .aif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .WAV: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqpm - ssqpm.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Thank you for your patience. I will not be able to reply for another week. My mother's house is in another state and I only make the trip once a week. No one here feels confident with their ability to do this kind of work.

#6 Daemon


Posted 05 February 2006 - 06:31 PM

Click here to download ewido anti-malware - it is a trial version of the program.
  • Install ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. Then:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido.

Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.

#7 magurgle


Posted 12 February 2006 - 05:08 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:03:21 PM, on 2/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TizzleTalk\TizzleTalk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\bama\tlii.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\m?config.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tc3net.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TC3Net Internet Explorer
R3 - URLSearchHook: (no name) - {21BD24C2-C651-B3FC-2806-BDCE64BBEAC7} - C:\WINDOWS\system32\irju.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21BD24C2-C651-B3FC-2806-BDCE64BBEAC7} - C:\WINDOWS\system32\irju.dll
O2 - BHO: (no name) - {4B966536-D7FD-FF02-8559-AD7F1F1D85CD} - C:\WINDOWS\system32\mdvlzv.dll (file missing)
O2 - BHO: (no name) - {4FC16A68-83FD-AE00-DE59-AD7F1F1D85CD} - C:\WINDOWS\system32\axb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B215226F-CAFC-BA03-DE5D-B83ECB20229C} - C:\WINDOWS\system32\fnmmnp.dll (file missing)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: (no name) - {E8447269-CEAE-B901-875D-B83ECB2020CB} - C:\WINDOWS\system32\hguyqh.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TizzleTalk] C:\Program Files\TizzleTalk\TizzleTalk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt tzt
O4 - HKCU\..\Run: [Ergn] C:\WINDOWS\system32\m?config.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk572YYUS
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?bf987c3124e8411aa1b6e4f1c58f7f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?bf987c3124e8411aa1b6e4f1c58f7f
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .aif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .WAV: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqpm - ssqpm.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:58:56 PM, 2/12/2006
+ Report-Checksum: 880A891C

+ Scan result:

HKLM\SOFTWARE\ClickSpring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\AutorunsDisabled\\{D49E9D35-254C-4c6a-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\{CA356D79-679B-4b4c-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-402894697-73668564-2997002767-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -> Downloader.ConHook.l : Cleaned with backup
HKU\S-1-5-21-402894697-73668564-2997002767-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} -> Adware.Virtumonde : Cleaned with backup
HKU\S-1-5-21-402894697-73668564-2997002767-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup
[1288] C:\WINDOWS\system32\wіnspool.exe -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Block Checker -> Adware.BlockChecker : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Block Checker\Block Checker -> Adware.BlockChecker : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Block Checker\Block Checker\Block Checker.lnk -> Adware.BlockChecker : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Adtrak : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.418:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.430:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.458:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.459:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.468:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.470:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.478:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.480:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.489:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.490:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.493:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.498:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.500:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.501:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.503:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.505:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.512:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.514:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.518:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.520:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.521:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.523:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.528:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.532:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.561:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.562:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.566:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.569:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.574:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.575:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.581:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.586:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.587:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.589:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.622:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\frk286bn.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Kenny\Application Data\Netscape\NSB\Profiles\l86rskna.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Kenny\Application Data\Netscape\NSB\Profiles\l86rskna.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Kenny\Application Data\Netscape\NSB\Profiles\l86rskna.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Kenny\Application Data\Netscape\NSB\Profiles\l86rskna.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Kenny\Application Data\Netscape\NSB\Profiles\l86rskna.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Kenny\Application Data\Netscape\NSB\Profiles\l86rskna.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Kenny\Application Data\Netscape\NSB\Profiles\l86rskna.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\ScreenSavers -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\ScreenSavers\ScreenSaversOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\ScreenSavers\ScreenSaversOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\SmileyTown -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\SmileyTown\SmileyTownOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Kenny\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup

#8 Daemon

    Security Expert



Posted 12 February 2006 - 05:40 PM

Grab a copy of this little free application to help control those tracking cookies in future:

http://www.analogx.com/contents/download/network/cookie.htm

Make sure that you have no browser windows open, as this could prevent the fix from working properly. Open HijackThis, scan and, when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

R3 - URLSearchHook: (no name) - {21BD24C2-C651-B3FC-2806-BDCE64BBEAC7} - C:\WINDOWS\system32\irju.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {21BD24C2-C651-B3FC-2806-BDCE64BBEAC7} - C:\WINDOWS\system32\irju.dll
O2 - BHO: (no name) - {4B966536-D7FD-FF02-8559-AD7F1F1D85CD} - C:\WINDOWS\system32\mdvlzv.dll (file missing)
O2 - BHO: (no name) - {4FC16A68-83FD-AE00-DE59-AD7F1F1D85CD} - C:\WINDOWS\system32\axb.dll (file missing)
O2 - BHO: (no name) - {B215226F-CAFC-BA03-DE5D-B83ECB20229C} - C:\WINDOWS\system32\fnmmnp.dll (file missing)
O2 - BHO: (no name) - {E8447269-CEAE-B901-875D-B83ECB2020CB} - C:\WINDOWS\system32\hguyqh.dll (file missing)
O4 - HKLM\..\Run: [TizzleTalk] C:\Program Files\TizzleTalk\TizzleTalk.exe
O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt tzt
O4 - HKCU\..\Run: [Ergn] C:\WINDOWS\system32\m?config.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk572YYUS
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O20 - Winlogon Notify: ssqpm - ssqpm.dll (file missing)


Exit HijackThis when done. Reboot into Safe Mode by tapping F8 after the BIOS has loaded. Using Windows Explorer, find and delete the following:

C:\Program Files\TizzleTalk <-- folder
C:\Program Files\bama <-- folder

Exit Explorer and reboot into Normal Mode. Rescan with HijackThis and post a new log here.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here
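Added example, not part of the original posts: a small parser for HijackThis entry lines of the kind listed in the fix list above, which pulls out the section code, CLSID and autostart command and attaches review flags. The flag names and the set of sections expected to carry a CLSID are assumptions made for this example, drawn only from the lines visible in this thread.

```python
import re

# Sample input: six lines from the fix list in the post above and one BHO
# line from the log posted later in the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {21BD24C2-C651-B3FC-2806-BDCE64BBEAC7} - C:\WINDOWS\system32\irju.dll
O2 - BHO: (no name) - {4B966536-D7FD-FF02-8559-AD7F1F1D85CD} - C:\WINDOWS\system32\mdvlzv.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [TizzleTalk] C:\Program Files\TizzleTalk\TizzleTalk.exe
O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt tzt
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O20 - Winlogon Notify: ssqpm - ssqpm.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumption drawn from the lines in this thread: these sections carry a {CLSID}.
CLSID_SECTIONS = {"R3", "O2", "O3", "O9"}


def parse_entry(line):
    """Split one HijackThis line into fields; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    section, body = m.group("section"), m.group("body")
    clsid = CLSID_RE.search(body)
    run = RUN_RE.match(body)
    flags = []
    if "(file missing)" in body or "(no file)" in body:
        flags.append("target-missing")   # registry entry points at nothing on disk
    if "(no name)" in body:
        flags.append("unnamed")          # component registered without a display name
    if section in CLSID_SECTIONS and clsid is None:
        flags.append("no-clsid")         # slot that normally holds a CLSID holds something else
    return {
        "section": section,
        "body": body,
        "clsid": clsid.group(0).upper() if clsid else None,
        "autostart": run.group("hive", "name", "cmd") if run else None,
        "flags": flags,
    }


def parse_log(text):
    """Parse every entry line in a pasted log, skipping headers and blanks."""
    entries = (parse_entry(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def flagged_by_section(text):
    """Count flagged entries per section code, to show where review should start."""
    counts = {}
    for e in parse_log(text):
        if e["flags"]:
            counts[e["section"]] = counts.get(e["section"], 0) + 1
    return counts


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        flags = ",".join(e["flags"]) or "-"
        print(f"{e['section']:<4}{flags:<32}{e['body'][:60]}")
```

The two `Run` entries from the fix list come out with no flag at all, so the flags only prioritise manual review; they do not replace the entry-by-entry judgement shown in the post.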

#9 spmead


Posted 13 February 2006 - 01:45 PM

Hi... erm, some help would be nice here.. I have some s :thumbsup: that nothing I've tried can get rid of... main thing is Win Fixer... I wanna KILL IT!!!!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.72
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {1D04E7C1-809D-FFE3-2EDE-37289D1DB34D} - C:\DOCUME~1\ADMINI~1\APPLIC~1\mix1help\SafeCoal.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [optionshimdashdata] C:\Documents and Settings\All Users\Application Data\WEB LOUD OPTION SHIM\purerect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Corn remote] C:\DOCUME~1\ADMINI~1\APPLIC~1\LOCKSD~1\bend body kind.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html...GB_ZCxdm492YYGB
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB58930D-0612-489C-9BC6-E6DA31550F66}: NameServer = 192.168.1.250
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#10 Daemon


Posted 13 February 2006 - 03:12 PM

Please do not post in other people's topics.

Edited by Daemon, 13 February 2006 - 03:14 PM.


#11 magurgle

  • Topic Starter


Posted 15 February 2006 - 07:45 PM

Thanks, working good, looks good so far. Hopefully we can keep it that way. Thank you for your help and patience.

#12 Daemon


Posted 16 February 2006 - 02:06 AM

Please post that new HJT log so that I can check that you are clean.

#13 Daemon


Posted 25 February 2006 - 11:03 AM

As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.