Farnham's Mess


  • This topic is locked
19 replies to this topic

#1 Farnham

Farnham

  • Members
  • 10 posts

Posted 02 June 2006 - 02:14 PM

I have been having a lot of problems. I caught a lot of stuff with Ad-Aware and S&D, but I still have lots of problems. Please, someone help me. Thanks in advance. Here's a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:02:22 PM, on 6/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\defender23.exe
C:\WINDOWS\fusnakpA.exe
C:\WINDOWS\ms04646462030.exe
C:\Program Files\iciicdgw.exe
C:\WINDOWS\system32\0mcamcap.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\WINDOWS\STEM32~1\attrib.exe
C:\WINDOWS\system32\?ymantec\w?auclt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\fusnakp.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] c:\\newname23.exe
O4 - HKLM\..\Run: [fusnakpA] C:\WINDOWS\fusnakpA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms04646462030] C:\WINDOWS\ms04646462030.exe
O4 - HKLM\..\Run: [SysTray] C:\Program Files\iciicdgw.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Trust Cleaner] C:\Program Files\Trust Cleaner\TrustCleaner.exe
O4 - HKCU\..\Run: [Smdh] "C:\WINDOWS\STEM32~1\attrib.exe" -vt yazr
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Asclve] C:\WINDOWS\system32\?ymantec\w?auclt.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAcc...e/bridge-c8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://miniclips.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26714cbd0123f8...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\taskmgr.dll
O20 - Winlogon Notify: SharedMixed - C:\WINDOWS\system32\k080lalm1dqa.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\system32\dcom_21.dll
O21 - SSODL: rPehCPWdN - {0C1A8547-A6B0-2FED-7965-E23E4FA34575} - C:\WINDOWS\system32\fyx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fusnakp.exe


#2 Farnham

Farnham
  • Topic Starter

  • Members
  • 10 posts

Posted 02 June 2006 - 05:05 PM

I seem to have fixed most of my problems by installing Prevx1. I will repost a HijackThis log to find out if there are any other problems. I know when I start Windows I get a common/bin folder open and a missing file error, but everything seems to work fine other than that. Here's the new log, thanks again:

Logfile of HijackThis v1.99.1
Scan saved at 3:03:00 PM, on 6/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] c:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] c:\\newname23.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [Trust Cleaner] C:\Program Files\Trust Cleaner\TrustCleaner.exe
O4 - HKCU\..\Run: [Smdh] "C:\WINDOWS\STEM32~1\attrib.exe" -vt yazr
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Asclve] C:\WINDOWS\system32\?ymantec\w?auclt.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAcc...e/bridge-c8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://miniclips.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26714cbd0123f8...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O21 - SSODL: rPehCPWdN - {0C1A8547-A6B0-2FED-7965-E23E4FA34575} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 03 June 2006 - 12:25 AM

Hello Farnham,

I'm afraid your mess is worse than you think it is. :thumbsup: You have no AV installed, and your computer has been severely compromised.

I hate to be the bearer of bad news, but your log shows a very dangerous Trojan is residing on your PC.
Described here http://www.liutilities.com/products/wintas...brary/ibm00001/ as Trojan.W32.Torpig

Torpig Trojan
The Trojan attempts to steal passwords, as well as logging keypresses and open window titles to text files and periodically sends the collected information to a remote user via HTTP. The Trojan downloads and executes additional files from a remote site. Configuration files may also be downloaded which define further behaviors.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 Farnham

Farnham
  • Topic Starter

  • Members
  • 10 posts

Posted 03 June 2006 - 12:57 PM

Thanks Tea for your "evil" words :thumbsup: I suppose I shall go through my computer and save any information I need to keep, can we clean up what I have for now, or will it be unharmful if I am not connected to the internet? And if I install a new HD would I be ok to access the internet? Thanks again.

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 03 June 2006 - 04:13 PM

Hi again,

I'm sorry, but you had to know just how compromised your system is. :thumbsup: This malware IS evil and doesn't care who it infects. :flowers:

We can clean this, if you like, as long as you're aware of just how bad it is, and dangerous it is, if you have sensitive information stored in your computer. If you're able to download tools and ESPECIALLY an AV to a clean computer, save to disk and transfer to the infected one, that would be great. Or, we can continue with this computer if you don't have anything sensitive to protect. It's up to you. :huh:

Just to be on the safe side, I would not recommend adding a new HD to the mix until this one is clean. Is that what you're asking?

AVG, Avira OR Avast are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

Let me know what you want to do. :huh:

Thanks,
tea

#6 Farnham

Farnham
  • Topic Starter

  • Members
  • 10 posts

Posted 03 June 2006 - 06:21 PM

I was asking if I could take this one out to put a new one in a computer I don't have internet access on. And yeah, let's fix this one up for now if we can, and I'll stick it off to the side when it's clean. I will download an AV. Did you need a new HJT log?

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 03 June 2006 - 07:05 PM

Hello,

No, I believe there's enough here for us to get started without a new log. :thumbsup:

Look in your control panel's add/remove programs for PuritySCAN By OIN, OuterInfo, OIN or similar. Click on it and then click remove.

Reboot and if found, delete this folder:

C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe
http://www.outerinfo.com/howto.html
Tutorial for the uninstaller if needed

Reboot when done and if found, delete this folder:

C:\Program Files\PurityScan

Do not run this unless you lose connectivity from Removing WebHancer
Please download LSPfix from here:
http://www.downloads.subratam.org/lspfix.zip
Unzip it to the desktop and run it, IF necessary. Check "I know what I'm doing", and then select each instance of "BADFILE.dll" (in this case relating to WebHancer) in the left-hand panel and click >> to move it to the right-hand panel. Then click Finish to allow LSPfix to rebuild the LSP chain.

Uninstall via Add/Remove Programs > WebHancer

Please download Brute Force Uninstaller.
Unzip it to its own folder (c:\BFU)

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover. Save it in the folder you made earlier (c:\BFU).

Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by double-clicking BFU.exe

In the scriptline to execute field copy and paste c:\bfu\alcanshorty.bfu
Press execute and let it do its job.

Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

That's a start. :flowers: In your reply, post a new HijackThis log, and we'll go to some serious cleaning from there.

Thanks,
tea

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 03 June 2006 - 07:21 PM

An additional task, please. You'll be helping in malware analysis here! :thumbsup:

I need to get an export of the files being started via the SharedTaskScheduler registry key.

Please download the following file and save it to your desktop:

getsts.exe

Once it has downloaded, please double-click on the file, which should now be on your desktop. When the program is finished, it will create a text file on your desktop called getsts.txt and open it in notepad.

Please post the contents of this notepad as a reply to this topic.

Thanks again,
tea

#9 Farnham

Farnham
  • Topic Starter

  • Members
  • 10 posts

Posted 03 June 2006 - 08:53 PM

Thanks for your help, tea :thumbsup: You're great for helping me!

In regards to the situation, I found nothing in the Add/Remove Programs list that is PurityScan, OIN, or OuterInfo, and nothing even remotely close. PurityScan was not found in my computer's Program Files folder either. I used the OiUninstaller and rebooted.
I do not believe I was intended to download LSPfix or use it, but I did download and look through it. I can tell you that from what your instructions say I was baffled at what to do, so I closed the program. When I went to Add/Remove I found no sign of WebHancer anywhere. I used BFU and the .bfu file; as it was running, AVG found multiple viruses, and I "Heal"ed any I could and "Vault"ed the others. I took the log from the BFU program in case you need it; I will post it in the next reply.

Here is the result from getsts:

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

(HKLM) {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader => %SystemRoot%\System32\browseui.dll

(HKLM) {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon => %SystemRoot%\System32\browseui.dll



And here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:49:05 PM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Trust Cleaner] C:\Program Files\Trust Cleaner\TrustCleaner.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAcc...e/bridge-c8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://miniclips.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26714cbd0123f8...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O21 - SSODL: rPehCPWdN - {0C1A8547-A6B0-2FED-7965-E23E4FA34575} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

P.S. This is the first time I have gone to anyone for computer help, please bear with me if I do not understand some instructions or screw up in any way :flowers: Also, is there any way of telling how long this security hole has been in my computer?

#10 teacup61 (Malware Response Team)

Posted 03 June 2006 - 09:57 PM

Hello,

You did better than you think you did! :thumbsup: Purity scan is gone from the log, so the uninstaller worked. WebHancer shows also to be gone. You were right not to run the LSP fix. That was a "Just in case" tool anyway. Sometimes when your internet is hijacked like that, the connectivity is broken when you try to remove it. Looks like AVG is doing a good job already!

I really can't tell at a glance how long this has been going on for you. You're doing just fine here, especially as badly as you're infected. :flowers:

I really want to wait for Grinler's reply on the getSTS report before we do anything major, but there is something you can do to help with that.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply, along with a new HijackThis log.

We'll get down to serious business next post, so be ready! :huh:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#11 Farnham (Topic Starter)

Posted 03 June 2006 - 10:01 PM

SmitFraudFix v2.53

Scan done at 19:56:55.31, Sat 06/03/2006
Run from C:\Documents and Settings\Travis.FARNHAM\Desktop
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

C:\


C:\WINDOWS

C:\WINDOWS\azesearch.bmp FOUND !

C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\dcom_18.dll FOUND !

C:\Documents and Settings\Travis.FARNHAM\Application Data

C:\Documents and Settings\Travis.FARNHAM\Application Data\Install.dat FOUND !

Start Menu


C:\DOCUME~1\TRAVIS~1.FAR\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}"="DCOM Server"

[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}\InProcServer32]

Scanning wininet.dll infection


End




HJT:


Logfile of HijackThis v1.99.1
Scan saved at 7:58:34 PM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Trust Cleaner] C:\Program Files\Trust Cleaner\TrustCleaner.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAcc...e/bridge-c8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://miniclips.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26714cbd0123f8...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O21 - SSODL: rPehCPWdN - {0C1A8547-A6B0-2FED-7965-E23E4FA34575} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

#12 teacup61 (Malware Response Team)

Posted 03 June 2006 - 11:07 PM

Hello,

Okay, we can do this now! :thumbsup:

Before beginning, you may want to save these instructions to Notepad or print them out for easier reference.

We need to uninstall these programs first to make it easier to get rid of leftovers later.
To do this: click Start > Control Panel > Add/Remove Programs and uninstall the following, if present:

TrustCleaner
begin2search
sidesearch


Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [Trust Cleaner] C:\Program Files\Trust Cleaner\TrustCleaner.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAcc...e/bridge-c8.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26714cbd0123f8...ip/RdxIE601.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O21 - SSODL: rPehCPWdN - {0C1A8547-A6B0-2FED-7965-E23E4FA34575} - (no file)
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)


Close all browser and other windows except for HijackThis!, and click "Fix Checked".

Also, delete the following files (if they exist):

c:\secure32.html <-----you'll have to use search for this one
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
C:\Program Files\Trust Cleaner <---this folder
C:\WINDOWS\system32\0mcamcap.exe

Reboot your computer.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply, along with a new HijackThis log.
Let me know how it's running now. :flowers:

Thanks,
tea

#13 Farnham (Topic Starter)

Posted 04 June 2006 - 01:11 PM

Wow tea, just wow, when I ran Dr. Web I was surprised at the amount of viruses it picked up, supremely excellent work :huh: Thanks so much for helping me. :flowers: :huh:


Back to business, here is the Dr. Web log you requested:

FamilyFeudSetup-dm.exe;C:\Backup CD's\Games;Adware.TryMedia;Incurable.Moved.;
raven_t4cS.exe;C:\DaS\Travis\Local Settings\Temp\EACDownload;Probably DLOADER.Trojan;Incurable.Moved.;
16846[1].htm;C:\DaS\Travis\Local Settings\Temporary Internet Files\Content.IE5\PNV31DOE;Exploit.CodeBase;Deleted.;
Dummy.class-393d648-388d5cd0.class;C:\Documents and Settings\Travis.FARNHAM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file;Trojan.NoCheat.240;Deleted.;
Dummy.class-7e4442f4-31540fb7.class;C:\Documents and Settings\Travis.FARNHAM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file;Trojan.NoCheat.240;Deleted.;
ququc.dll;C:\Program Files\Common Files\ququ\ququd;Adware.TargetServer;Incurable.Moved.;
wuninst.exe;C:\Program Files\SiSLan;Trojan.DownLoader.9894;Deleted.;
A0050434.dll;C:\System Volume Information\_restore{26EC15EC-D178-4031-BAF5-5CD2ED8E5968}\RP91;Probably DLOADER.Trojan;Incurable.Moved.;
A0050435.dll;C:\System Volume Information\_restore{26EC15EC-D178-4031-BAF5-5CD2ED8E5968}\RP91;Probably DLOADER.Trojan;Incurable.Moved.;
A0140425.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP569;Probably STPAGE.Trojan;Incurable.Moved.;
A0145369.DLL;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP607;Trojan.Funweb;Deleted.;
A0145370.DLL;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP607;Adware.MWS;Incurable.Moved.;
A0145372.DLL;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP607;Adware.Websearch;Incurable.Moved.;
A0145373.EXE;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP607;Adware.Websearch;Incurable.Moved.;
A0145379.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP607;Adware.Websearch;Incurable.Moved.;
A0145881.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614;Trojan.DownLoader.10320;Incurable.Moved.;
A0145886.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614;Trojan.DownLoader.10205;Deleted.;
A0145889.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614;Adware.Look2me;Incurable.Moved.;
A0145930.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614;Adware.Look2me;Incurable.Moved.;
A0145931.exe\data001;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614\A0145931.exe;Trojan.Fakealert;;
A0145931.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614;Archive contains infected objects;Moved.;
A0145935.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614;Adware.WebHancer;Incurable.Moved.;
A0145936.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614;Adware.WebHancer;Incurable.Moved.;
A0145937.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614;Adware.WebHancer;Incurable.Moved.;
A0145942.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614;Trojan.DownLoader.9894;Deleted.;
A0145943.ocx;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614;Adware.AzeSearch;Incurable.Moved.;
MFEX-3.DAT;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614\snapshot;Probably DLOADER.Trojan;Incurable.Moved.;
MFEX-4.DAT;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614\snapshot;Adware.WebHancer;Incurable.Moved.;
MFEX-5.DAT;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP614\snapshot;Adware.WebHancer;Incurable.Moved.;
A0146219.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP615;Adware.Look2me;Incurable.Moved.;
A0146225.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP615;Adware.WebHancer;Incurable.Moved.;
A0146232.ocx;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP615;Adware.AzeSearch;Incurable.Moved.;
A0146233.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP615;Adware.AzeSearch;Incurable.Moved.;
A0146235.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP615;Probably DLOADER.Trojan;Incurable.Moved.;
A0146237.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP615;Adware.WebHancer;Incurable.Moved.;
A0146239.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP615;Adware.WebHancer;Incurable.Moved.;
A0146242.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP615;Adware.Look2me;Incurable.Moved.;
A0146243.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP615;Trojan.Proxy.493;Deleted.;
A0146244.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP615;Trojan.Proxy.493;Deleted.;
A0146245.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP615;Trojan.DnsChange;Deleted.;
A0146250.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP615;Trojan.DownLoader.9894;Deleted.;
A0146259.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP616;Trojan.Click.1211;Deleted.;
A0146270.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP616;Adware.Spysheriff;Incurable.Moved.;
A0146274.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP616;Trojan.Popuper;Deleted.;
A0147501.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP619;Trojan.PWS.Snap;Deleted.;
A0148497.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP619;Adware.WebHancer;Incurable.Moved.;
A0148498.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP619;Adware.WebHancer;Incurable.Moved.;
A0148499.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP619;Adware.WebHancer;Incurable.Moved.;
A0148663.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP620;Probably DLOADER.Trojan;Incurable.Moved.;
A0148665.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP620;Adware.Etan;Incurable.Moved.;
A0148666.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP620;Trojan.PWS.Snap;Deleted.;
A0148669.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP620;Adware.WebHancer;Incurable.Moved.;
A0148674.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP620;Probably DLOADER.PWS.Trojan;Incurable.Moved.;
A0148743.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP621;Adware.WebHancer;Incurable.Moved.;
A0148747.dll;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP621;Adware.WebHancer;Incurable.Moved.;
A0148764.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP621;Trojan.DownLoader.10155;Incurable.Moved.;
A0148766.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP621;Trojan.DownLoader.10155;Incurable.Moved.;
A0148907.exe;C:\System Volume Information\_restore{6234EDDA-D27C-4868-988C-64EAF1B4959E}\RP621;Trojan.DownLoader.9894;Deleted.;



And the new HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 11:04:35 AM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://miniclips.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)



I'd just like to note through your whole walkthrough on guiding me that most of the stuff that was not there is because I did not recognize them and deleted them myself. I've almost done everything you guided me to do here, except a few things; I even had BFU, just didn't have the alcanshorty.bfu file to do anything with the program :huh:

So like I said, here's what happened today: I went to Add/Remove and of course could not find any of those programs. As I'm not terribly fluent with HJT, I saw you posted which files to check and delete, so I did my own version first to just see which ones I could get right; I missed 7 of the ones you checked and got the others correct :huh: I then proceeded with a reboot and deleted cookies, cache, etc. etc. I've never had to delete them from Firefox before, but I think I did it right :huh: Then onto the wonderful world of Dr. Web, which scanned every file on my computer; as seen in the log there was an impressive amount of stuff that was picked up. Anything that was noticed by AVG I "Heal"ed and the ones that couldn't were "Vault"ed. So as it seems we're looking a lot better.

Now onto the current problems my system still has (that I know of):

Uninstall Aze Bar is still in my Add/Remove programs list, I don't know if it is still on my computer or not, or how to get rid of this from the list.

On top of that I have a program I used to use called CUWorld on that same list; when I click to remove it, it seems to pop up an uninstaller for a different program and then looks for a .cab file which I don't have. It seems there is something in the HJT log about CUWorld, could that be my problem?

And that's it, thanks again tea, looking forward to your next post :thumbsup:

#14 teacup61


Posted 04 June 2006 - 08:36 PM

Hi there,

Wow...even I'm surprised here! :thumbsup: Your log is clean except for a couple of O16 entries. How is it running??

Let's take care of those entries and see what's left to do. :flowers:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab


Close all browser and other windows except for HijackThis!, and click "Fix Checked".

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Navigate to your Prefetch folder and empty everything in there. Not the folder itself!

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Now let's see what Ewido picks up.

Please download, install, and update the free version of Ewido Anti-Malware:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run Ewido for the first time, you might get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main Ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes, the status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
  • Close Ewido
In your reply, please post the report from Ewido and a new HijackThis log. Let me know how your computer is running now!

Thanks,
tea
Error reading poptart in Drive A: Delete kids y/n?
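
An added example, not part of teacup61's post and not code from HijackThis: a short Python triage of the log lines discussed above. It lists O16 (downloaded ActiveX control) entries whose download host is not on a reviewer-supplied list and collects entries marked "(file missing)". The `reviewed_hosts` parameter and the single host passed to it in the demo are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log and the helper's reply in this thread.
# The "..." inside the first URL is elided on the page and is left as-is.
SAMPLE_LOG = r"""
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
"""

# "O16 - DPF: <body>", "O23 - Service: <body>", and so on.
LINE = re.compile(r"^(?P<code>O\d+) - (?P<kind>[^:]+): (?P<body>.*)$")
# O16 body: "{CLSID} (optional class name) - codebase URL"
DPF = re.compile(
    r"^\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s+"
    r"(?:\((?P<name>.*?)\)\s+)?-\s+(?P<url>\S+)$"
)
MISSING = "(file missing)"


def parse_log(text):
    """Return one dict per recognised HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        body = m.group("body")
        entry = {
            "code": m.group("code"),
            "kind": m.group("kind"),
            "body": body,
            "missing": body.endswith(MISSING),
        }
        if entry["code"] == "O16":
            d = DPF.match(body)
            if d:
                url = d.group("url")
                entry.update(
                    clsid=d.group("clsid"),
                    name=d.group("name") or "",
                    url=url,
                    host=(urlsplit(url).hostname or "").lower(),
                )
        entries.append(entry)
    return entries


def review(text, reviewed_hosts):
    """Split a log into O16 entries needing review and orphaned entries.

    reviewed_hosts is a hypothetical, reviewer-supplied set of download hosts
    already checked by hand. An O16 line that fails to parse has no host and
    is therefore reported rather than silently skipped.
    """
    entries = parse_log(text)
    unreviewed = [
        e for e in entries
        if e["code"] == "O16" and e.get("host") not in reviewed_hosts
    ]
    orphans = [e for e in entries if e["missing"]]
    return unreviewed, orphans


if __name__ == "__main__":
    # Constructed allowlist for the demo only.
    todo, orphans = review(SAMPLE_LOG, {"pdl.stream.aol.com"})
    for e in todo:
        print("review O16:", e.get("clsid"), e.get("name"), e.get("host"))
    for e in orphans:
        print("orphaned  :", e["code"], e["kind"], e["body"])
```
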

#15 Farnham


Posted 04 June 2006 - 10:41 PM

Here's the ewido report, again, surprised at what it found, although it seems most of it is cookies.
I thought we deleted the cookies though :thumbsup: oh well. :flowers:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:35:13 PM, 6/4/2006
+ Report-Checksum: 136D4DDB

+ Scan result:

HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Adware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Adware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0 -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0\- -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Windows ServeAd -> Adware.BlazeFind : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Adware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Adware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Adware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1644491937-1580818891-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A19EF336-01D4-48E6-926A-FE7E1C747AED} -> Adware.MWSearch : Cleaned with backup
HKU\S-1-5-21-1644491937-1580818891-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4} -> Adware.MWSearch : Cleaned with backup
HKU\S-1-5-21-1644491937-1580818891-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F65B197F-8260-4D52-909A-F70118E646EB} -> Adware.MWSearch : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Travis\Application Data\Mozilla\Profiles\Travis\2jcrahfa.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@ad.adition[2].txt -> TrackingCookie.Adition : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@adorigin[1].txt -> TrackingCookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@ads14.hyperbanner[2].txt -> TrackingCookie.Hyperbanner : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@ads15.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@ads18.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@banner.casinosolei[2].txt -> TrackingCookie.Casinosolei : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@casinosolei[1].txt -> TrackingCookie.Casinosolei : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@cz8.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@download.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@krone.oewabox[1].txt -> TrackingCookie.Oewabox : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@oxcash[1].txt -> TrackingCookie.Oxcash : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Travis\Cookies\travis@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.367:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup
:mozilla.394:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.489:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.490:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.492:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.493:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.534:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.557:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.558:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.559:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.562:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.563:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.648:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.655:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.672:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.673:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.674:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.677:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.710:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.724:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.725:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.730:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Shopathomeselect : Cleaned with backup
:mozilla.731:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Shopathomeselect : Cleaned with backup
:mozilla.761:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.771:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.772:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.795:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
:mozilla.796:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
:mozilla.797:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
:mozilla.798:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
:mozilla.808:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.809:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.810:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.811:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.821:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.822:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.823:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.826:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.827:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.829:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.830:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.843:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.844:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.857:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.874:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.882:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.886:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.896:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.897:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.898:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.899:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.900:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.905:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.906:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.907:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.908:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.909:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.921:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.923:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.939:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.940:C:\Documents and Settings\Travis.FARNHAM\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-1ed99aad-18337902.zip/Beyond.class -> Trojan.Femad : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-12e338d1-5f6f42c9.zip/Xeyond.class -> Trojan.Femad : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-12e338d1-5f6f42c9.zip/web.exe -> Downloader.Small.acw : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\Cookies\travis@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\Cookies\travis@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0145889.exe -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0145930.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0145935.exe -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0145936.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0145937.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0145943.ocx -> Adware.AzSearch : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0146219.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0146225.exe -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0146232.ocx -> Adware.AzSearch : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0146233.dll -> Adware.AzSearch : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0146242.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0148497.exe -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0148498.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0148499.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\A0148743.exe -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\FamilyFeudSetup-dm.exe -> Adware.Trymedia : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\DoctorWeb\Quarantine\guard.tmp -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\Local Settings\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\Cache\D536F5C1d01 -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Travis.FARNHAM\Local Settings\Application Data\Mozilla\Firefox\Profiles\ykqy1olh.default\Cache\D536F5C8d01 -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Program Files\Common Files\misc001\webhc1.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\azesearch.bmp -> Adware.Azesearch : Cleaned with backup
C:\WINDOWS\system32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/cashback.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/cb.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/flash.exe -> Adware.BargainBuddy : Cleaned with backup


::Report End


P.S. I never received this.

When you run Ewido for the first time, you might get a warning "Database could not be found!". Click OK. We will fix this in a moment.


Edit: forgot HJT log and those 2 problems listed above are still in the add/remove programs list

Logfile of HijackThis v1.99.1
Scan saved at 8:57:07 PM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Ewido\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://miniclips.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pr

Edited by Farnham, 04 June 2006 - 11:32 PM.




