
Hijackthis Log: Please Help Diagnose


7 replies to this topic

#1 self_tuaght

self_tuaght

  • Members
  • 4 posts

Posted 18 March 2006 - 04:51 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:46:12 PM, on 3/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\IM Names\IM-svr.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\swinssap.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\hpsw.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\aim\aim.exe
C:\DOCUME~1\bobbie\APPLIC~1\YMBOLS~1\mshta.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\bobbie\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {C7212E4B-B3D0-9507-ADFB-903B837621E0} - C:\WINDOWS\System32\ahl.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp91A1.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C7212E4B-B3D0-9507-ADFB-903B837621E0} - C:\WINDOWS\System32\ahl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc.exe /minimize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKLM\..\Run: [084c0xog.dll] RUNDLL32.EXE 084c0xog.dll,b 6980859
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Usrr] "C:\Program Files\etea\rpen.exe" -vt mt
O4 - HKCU\..\Run: [Zkg] C:\WINDOWS\System32\m?dtc.exe
O4 - HKCU\..\Run: [Nsjxttvy] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [Bata] "C:\DOCUME~1\bobbie\APPLIC~1\YMBOLS~1\mshta.exe" -vt mt
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138072001359
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.iwin.com/global/premium/popcap/...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ADSService - Copyrightę Aluria Software, LLC - C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 25 March 2006 - 11:54 AM

Hello self_tuaght and welcome to the BC HijackThis forum. It looks like we have a few issues here so let's start with an Ewido scan and see what it can clean up first. Please print these directions and then proceed with the following instructions.

Download and install the trial version of the ewido security suite. Update the program and then close it. Do not run it yet.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Start ewido and do the following:
  • Click on the Scanner button.
  • Click on the Complete System Scan.
  • If anything is found you will be prompted to clean the first infected file found. Choose Clean and put a checkmark in the checkbox for Perform action on all infections and click the Ok button to continue the scan.
  • When the scan is complete close ewido and reboot the computer normally.
Now run at least 2 of the following on-line virus scans:
  • Bitdefender <<<Add a check by 'Autoclean'.
  • eTrust <<<'Cure' whatever is found, then delete if unsuccessful
  • Housecall <<<Put on 'Autoclean' and delete what it can't clean.
  • Panda ActiveScan <<<Accept default settings
If there are any files that cannot be automatically disinfected or quarantined then you will need to delete them manually.

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with the Ewido log file and details of any problems you encountered performing the above steps and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 self_tuaght

self_tuaght
  • Topic Starter

  • Members
  • 4 posts

Posted 25 March 2006 - 05:43 PM

HIJACK LOG::

Logfile of HijackThis v1.99.1
Scan saved at 2:41:15 PM, on 3/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\IM Names\IM-svr.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\bobbie\Desktop\HijackThis\HijackThis.exe
C:\Program Files\aim\aim.exe
C:\WINDOWS\System32\m?dtc.exe
C:\DOCUME~1\bobbie\APPLIC~1\YMBOLS~1\mshta.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {C7212E4B-B3D0-9507-ADFB-903B837621E0} - C:\WINDOWS\System32\ahl.dll (file missing)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C7212E4B-B3D0-9507-ADFB-903B837621E0} - C:\WINDOWS\System32\ahl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc.exe /minimize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKLM\..\Run: [084c0xog.dll] RUNDLL32.EXE 084c0xog.dll,b 6980859
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Usrr] "C:\Program Files\etea\rpen.exe" -vt mt
O4 - HKCU\..\Run: [Zkg] C:\WINDOWS\System32\m?dtc.exe
O4 - HKCU\..\Run: [Bata] "C:\DOCUME~1\bobbie\APPLIC~1\YMBOLS~1\mshta.exe" -vt mt
O4 - HKCU\..\Run: [Efajxctw] C:\Documents and Settings\bobbie\Application Data\??mantec\e?plorer.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\swinssap.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZCfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138072001359
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.iwin.com/global/premium/popcap/...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ADSService - Copyrightę Aluria Software, LLC - C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




EWIDO LOG::
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:27:28 AM, 3/25/2006
+ Report-Checksum: 30FD1AB0

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{27150F81-0877-42E9-AF13-55E5A3439A26} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Error during cleaning
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{27150f81-0877-42e9-af13-55e5a3439a26} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{e0103cd4-d1ce-411a-b75b-4fec072867f4} -> Trojan.Puper.ac : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
[468] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\rczvb0nl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Angela\Cookies\angela@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Angela\Cookies\angela@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Angela\Cookies\angela@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Angela\Cookies\angela@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup

#4 OldTimer

Posted 26 March 2006 - 09:52 AM

Hi self_tuaght. Ok, let's see what we can do with this. Please print these directions and then proceed with the following steps in order.

Step #1

Download CCleaner and install it but do not run it yet.

Download LSP-Fix and WinSockFix from the following links and save them to a location you can find later if necessary.
  • LSP-Fix Download Link
  • WinsockFix

Remove these installed programs using Add or Remove Programs in the Control Panel:
  • Click Start.
  • Click Control Panel.
  • Double-click Add or Remove Programs.
  • Look in the Currently installed programs box for each program listed below and if it is there:
      • Click on it to select it.
      • Click Change (or Change/Remove) button.
      • If you are prompted to confirm the removal of the program, click Yes.
MyWebSearch
SpywareStrike
Big Fish Games Toolbar
IM Names
newdotnet

If you can't find NewDotNet, then please go here and follow the removal instructions in Procedure 4 at the bottom of the page.

If you can not connect to the Internet after removing New.net, please run the LSP-Fix program I had you download earlier, and click on the finish button. If you still have a problem run the WinSockFix program and click the Fix button. Reboot if you run either tool and you should be able to get back on.

Step #2

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #3

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R3 - URLSearchHook: (no name) - {C7212E4B-B3D0-9507-ADFB-903B837621E0} - C:\WINDOWS\System32\ahl.dll (file missing)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
O2 - BHO: (no name) - {C7212E4B-B3D0-9507-ADFB-903B837621E0} - C:\WINDOWS\System32\ahl.dll (file missing)
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - (no file)
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKLM\..\Run: [084c0xog.dll] RUNDLL32.EXE 084c0xog.dll,b 6980859
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [Usrr] "C:\Program Files\etea\rpen.exe" -vt mt
O4 - HKCU\..\Run: [Zkg] C:\WINDOWS\System32\m?dtc.exe
O4 - HKCU\..\Run: [Bata] "C:\DOCUME~1\bobbie\APPLIC~1\YMBOLS~1\mshta.exe" -vt mt
O4 - HKCU\..\Run: [Efajxctw] C:\Documents and Settings\bobbie\Application Data\??mantec\e?plorer.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\swinssap.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZCfox000
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #4

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Find the following files/folders and delete them (don't worry if they are already gone):

C:\WINDOWS\System32\ahl.dll
C:\WINDOWS\system32\swinssap.exe
C:\WINDOWS\System32\m?dtc.exe (see Note 1 below)
C:\Program Files\MyWebSearch\ <--folder
C:\Program Files\NewDotNet\ <--folder
C:\Program Files\BFGTOO~1\ <--folder (a folder whose name begins with BFGTOO)
C:\Program Files\IM Names\ <--folder
C:\Program Files\SpywareStrike\ <--folder
C:\Program Files\etea\ <--folder
C:\Program Files\Jalmp\ <--folder
C:\Documents and Settings\bobbie\Application Data\YMBOLS~1\ <--folder (a folder whose name begins with YMBOLS)
C:\Documents and Settings\bobbie\Application Data\??mantec\ <--folder (see Note 2 below)

Now perform a search for these files and delete all instances. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

084c0xog.dll

Note 1
There is a valid operating system file named msdtc.exe. DO NOT DELETE THIS FILE. The rogue file will have a different letter as the 2nd character.

Note 2
There might be a folder named Symantec here. DO NOT DELETE THIS FOLDER (it is part of the anti-virus program). The rogue folder will have different letters for the 1st 2 characters.

Step #5

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #6

Reboot normally and run at least 2 of the following on-line virus scans:

Bitdefender <<<Add a check by 'Autoclean'.
eTrust <<<'Cure' whatever is found, then delete if unsuccessful
Housecall <<<Put on 'Autoclean' and delete what it can't clean.
Panda ActiveScan <<<Accept default settings
If there are any files that cannot be automatically disinfected or quarantined then you will need to delete them manually.

Step #7

If you do not already have Ad-Aware SE 1.06 then follow these download and setup instructions: Ad-Aware SE Setup. Otherwise, just check for updates.

Start Ad-aware SE, click the Start button and choose Perform Full System Scan. Click the Next button and wait for the scan to complete. If anything was found, right-click on the list and choose Select All and remove all it finds.

Step #8

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
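
Notes 1 and 2 in the post above warn about a rogue `m?dtc.exe` and a rogue `??mantec` folder that sit one or two characters away from the legitimate `msdtc.exe` and `Symantec`. The sketch below is an added example, not part of OldTimer's instructions or of HijackThis: it checks O4 autorun lines copied from this thread for those lookalikes, assuming that `?` stands for a character the log could not render and that the real files live in default Windows XP folders.

```python
import fnmatch
import ntpath
import re

# Names the rogue entries imitate, with the folder each real file lives in.
# msdtc.exe and the Symantec folder come from Notes 1 and 2; the expected
# folders are assumptions for a default Windows XP install.
KNOWN_FILES = {
    "msdtc.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "mshta.exe": r"c:\windows\system32",
}
KNOWN_FOLDERS = ["symantec"]

# Matches e.g.  O4 - HKCU\..\Run: [Zkg] C:\WINDOWS\System32\m?dtc.exe
O4_RE = re.compile(r"^O4 - [^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Optional quote, a drive-letter path up to the first ".exe", then arguments.
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.exe)"?(?:\s|$)', re.IGNORECASE)

# O4 lines copied from the logs in this thread (a mix of flagged and clean).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [Usrr] "C:\Program Files\etea\rpen.exe" -vt mt
O4 - HKCU\..\Run: [Zkg] C:\WINDOWS\System32\m?dtc.exe
O4 - HKCU\..\Run: [Bata] "C:\DOCUME~1\bobbie\APPLIC~1\YMBOLS~1\mshta.exe" -vt mt
O4 - HKCU\..\Run: [Efajxctw] C:\Documents and Settings\bobbie\Application Data\??mantec\e?plorer.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\swinssap.exe
"""


def lookalike_findings(path):
    """Return the reasons a path looks like an imitation of a known name."""
    findings = []
    folder, filename = ntpath.split(path.lower())
    for good, home in KNOWN_FILES.items():
        # '?' is used as a one-character wildcard: m?dtc.exe ~ msdtc.exe.
        if "?" in filename and fnmatch.fnmatchcase(good, filename):
            findings.append(f"filename imitates {good}")
        # A real system name started from somewhere it does not belong.
        elif filename == good and folder != home:
            findings.append(f"{good} outside {home}")
    for part in folder.split("\\"):
        for good in KNOWN_FOLDERS:
            if "?" in part and fnmatch.fnmatchcase(good, part):
                findings.append(f"folder imitates {good}")
    return findings


def triage(log_text):
    """Return (entry name, path, findings) for each suspicious O4 Run entry."""
    hits = []
    for line in log_text.splitlines():
        entry = O4_RE.match(line.strip())
        if not entry:
            continue  # not a "[name] command" style O4 line
        exe = EXE_RE.match(entry.group("cmd"))
        if not exe:
            continue  # bare names and rundll32 calls are out of scope here
        findings = lookalike_findings(exe.group("path"))
        if findings:
            hits.append((entry.group("name"), exe.group("path"), findings))
    return hits


if __name__ == "__main__":
    for name, path, findings in triage(SAMPLE_LOG):
        print(f"[{name}] {path}: {'; '.join(findings)}")
```

The check only catches names that imitate something on its list; an entry with a random name such as `rpen.exe` passes it and still needs the manual review done in the post.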


#5 self_tuaght

Posted 29 March 2006 - 07:48 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:41:54 PM, on 3/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\aim\aim.exe
C:\Documents and Settings\bobbie\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc.exe /minimize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\swinssap.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138072001359
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.iwin.com/global/premium/popcap/...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ADSService - Copyrightę Aluria Software, LLC - C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6 OldTimer

Posted 01 April 2006 - 07:42 AM

Hi self_tuaght. That looks better. We still have a couple of left-over items so let's take care of those. Please print these directions and then proceed with the following steps in order.

Step #1

Download Pocket Killbox and unzip it to your desktop.
  • Double-click on KillBox.exe.
  • Click "Delete on Reboot".
  • Paste the line below into the top "Full Path of File to Delete" box.
    • C:\WINDOWS\system32\swinssap.exe
  • Click the "Delete File" button which looks like a stop sign.
  • Click "Yes" at the Delete on Reboot prompt.
  • Click "Yes" at the Delete next Reboot prompt.
  • If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

Step #2

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\swinssap.exe

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #3

Disconnect from the Internet and close all Internet Explorer Windows. Run LspFix.exe and click in the checkbox for I know what I'm doing. Click on each listing of newdotnet7_22.dll and then move it into the Remove section by clicking on the >> button that points to the right. When all instances of this dll are in the Remove section press the Finish button.

Now reboot to finish the fix.

Step #4

OK. Start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT

#7 self_tuaght

Posted 01 April 2006 - 10:38 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:35:24 AM, on 4/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\aim\aim.exe
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
C:\Documents and Settings\bobbie\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc.exe /minimize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138072001359
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.iwin.com/global/premium/popcap/...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ADSService - Copyrightę Aluria Software, LLC - C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8 OldTimer

Posted 02 April 2006 - 08:13 AM

Hi self_tuaght. The log is clean. Good job! How are things running? Any more problems?

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
  • CHECK the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • CHECK Turn off System Restore.
    • Click Apply, and then click OK.
  • Restart your computer.
  • Turn ON System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check Turn off System Restore.
    • Click Apply, and then click OK.
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You already have a good firewall and a good antivirus application installed and running. It is important to have both to protect your system, and to keep them updated.

To keep your operating system up to date visit Microsoft Windows Update monthly. Microsoft puts out new updates on the 2nd Tuesday of every month so be sure to check regularly.

And to keep your system clean be aware of what emails you open, what websites you visit, and update and run these free malware scanners once a week:

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

OT