
Fake Spyware Alert! Will Not Go Away,


30 replies to this topic

#1 MongoJerry36

MongoJerry36

  • Members
  • 65 posts
  • Location:NJ

Posted 09 June 2006 - 11:20 PM

Hello,
I was just recently on the internet and then all of a sudden a yellow flashing yield sign popped up in the system tray. It says "System Alert: Spyware detected". Then says all this fake stuff. I am also getting pop-ups like a fake Symantec scan, and from a casino website. My Internet Explorer was also hijacked. I turned the computer back on and I had 4 extra icons. One was spyware remover, free games, and two troubleshooters. I deleted them all from the desktop, but the stupid blinking thing won't go away. I scanned with Ad-Aware, and it found something called istbar.
Here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 12:17:39 AM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Bluesocket MS IPSec Configuration Tool\Bluesocket MS IPsec Config Tool.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\DOCUME~1\home\LOCALS~1\Temp\win1326.tmp.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\home\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wa:4100
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] rundll32 nview.dll,nViewLoadHook
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Bluesocket] "C:\Program Files\Bluesocket MS IPSec Configuration Tool\Bluesocket MS IPsec Config Tool.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [8fb15ab6.exe] C:\WINDOWS\system32\8fb15ab6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZDLM.exe /hide
O4 - HKCU\..\Run: [8fb15ab6.exe] C:\Documents and Settings\home\Local Settings\Application Data\8fb15ab6.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://wa:4100
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129826057280
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ndhs.com
O17 - HKLM\Software\..\Telephony: DomainName = ndhs.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ndhs.com
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
O23 - Service: Bluesocket IPSec Service (BlueService) - Bluesocket Inc. - C:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoverLAN Service (GOVsrv) - PJ Technologies, Inc. - C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 10 June 2006 - 05:27 AM

Hi MongoJerry36 and Welcome to the Bleeping Computer!


Download smitRem.exe noahdfear, and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on the Panda ActiveScan link, select "Copy Shortcut", then right click on your desktop and select "Paste Shortcut"; or in Firefox, right-click the link, select "Save Link As" and save it to your desktop).

Please download the trial version of ewido anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Close ewido anti-malware.

Next go to Control Panel, click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the Check Now button.
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When the download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.
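
For comparing the first HijackThis log with the follow-up log requested above, a small diff script (an added example, not part of the original posts or of any BleepingComputer tool) lists which registry/startup entries and running processes disappeared, appeared, or persisted between two logs. The function names are hypothetical, and the embedded samples are short excerpts of the two logs posted in this thread.

```python
import re

# Short excerpts of the two HijackThis logs posted in this thread
# (a few lines each, not the full logs).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:17:39 AM, on 6/10/2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\home\LOCALS~1\Temp\win1326.tmp.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [8fb15ab6.exe] C:\WINDOWS\system32\8fb15ab6.exe
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:37:15 PM, on 6/10/2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\8fb15ab6.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [8fb15ab6.exe] C:\WINDOWS\system32\8fb15ab6.exe
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""

# Section entries look like "O4 - ..." or "R1 - ...": a letter, 1-2 digits, " - ".
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")


def parse_hijackthis(text):
    """Split a HijackThis log into running processes and section entries.

    Both are returned as dicts mapping a lower-cased key (Windows paths are
    case-insensitive) to the original line. 8.3 short names such as
    PROGRA~1 are NOT expanded, so they compare as different paths.
    """
    processes, entries = {}, {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if ENTRY_RE.match(line):
            in_processes = False
            entries[line.lower()] = line
        elif in_processes:
            processes[line.lower()] = line
    return {"processes": processes, "entries": entries}


def diff_logs(before_text, after_text):
    """Return removed / added / unchanged items for processes and entries."""
    before, after = parse_hijackthis(before_text), parse_hijackthis(after_text)
    result = {}
    for kind in ("processes", "entries"):
        b, a = before[kind], after[kind]
        result[kind] = {
            "removed": sorted(b[k] for k in b.keys() - a.keys()),
            "added": sorted(a[k] for k in a.keys() - b.keys()),
            "unchanged": sorted(b[k] for k in b.keys() & a.keys()),
        }
    return result


if __name__ == "__main__":
    report = diff_logs(LOG_BEFORE, LOG_AFTER)
    for kind, changes in report.items():
        for status in ("removed", "added", "unchanged"):
            for item in changes[status]:
                print(f"{kind:9} {status:9} {item}")
```

Entries reported as unchanged are the ones a cleanup pass did not touch, so they are the lines to re-examine when symptoms persist after the tools have run.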

#3 MongoJerry36

MongoJerry36
  • Topic Starter

  • Members
  • 65 posts
  • Location:NJ

Posted 10 June 2006 - 02:46 PM

Hello,
Thanks for helping. I did all the steps correctly, but I am still getting the fake Symantec popups and 2 other ones. The fake Symantec is "Auto Protect". My firewall is constantly blocking an application called "UNIVERSA APPLICATION." The other two windows are blank and are called "UL Window Seek" and "UL WindowURL".
My computer is an HP Tablet. It also began to make this fast clicking sound.

Panda Scan


Incident Status Location

Dialer:dialer.avv Not disinfected c:\windows\downloaded program files\gdnUS2338.exe
Adware:adware/ist.istbar Not disinfected C:\Documents and Settings\home\Favorites\~ VIP Free Porn ~.url
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\08-092\Application Data\Mozilla\Firefox\Profiles\oxw8kkxl.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\08-092\Application Data\Mozilla\Firefox\Profiles\oxw8kkxl.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\kdpk5hyx.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\kdpk5hyx.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\kdpk5hyx.default\cookies.txt[.go.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\kdpk5hyx.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\kdpk5hyx.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\kdpk5hyx.default\cookies.txt[.target.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\kdpk5hyx.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\kdpk5hyx.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\kdpk5hyx.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\home\Cookies\home@atwola[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\home\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\home\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\home\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdpk5hyx.default\Cache\3EFBEAA3d01[smitRem/Process.exe]



HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 3:37:15 PM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Bluesocket MS IPSec Configuration Tool\Bluesocket MS IPsec Config Tool.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\8fb15ab6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\home\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wa:4100
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] rundll32 nview.dll,nViewLoadHook
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Bluesocket] "C:\Program Files\Bluesocket MS IPSec Configuration Tool\Bluesocket MS IPsec Config Tool.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [8fb15ab6.exe] C:\WINDOWS\system32\8fb15ab6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZDLM.exe /hide
O4 - HKCU\..\Run: [8fb15ab6.exe] C:\Documents and Settings\home\Local Settings\Application Data\8fb15ab6.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://wa:4100
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129826057280
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ndhs.com
O17 - HKLM\Software\..\Telephony: DomainName = ndhs.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ndhs.com
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
O23 - Service: Bluesocket IPSec Service (BlueService) - Bluesocket Inc. - C:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GoverLAN Service (GOVsrv) - PJ Technologies, Inc. - C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



Smitfiles.txt


smitRem log file
version 3.0

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Sat 06/10/2006
The current time is: 10:02:44.47

Running from
C:\Documents and Settings\home\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

regperf.exe
simpole.tlb
stdole3.tlb
atmclk.exe
dcomcfg.exe
amcompat.tlb
nscompat.tlb
1024 dir
ld****.tmp
hp***.tmp
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 860 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :thumbsup:

Ewido Log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:31:01 PM, 6/10/2006
+ Report-Checksum: E7EF5D3D

+ Scan result:


#4 Guest_Cretemonster_*

Posted 10 June 2006 - 03:23 PM

Looks like the Ewido log got cut off.

Open Firefox -> Click Tools -> Options -> Privacy -> Clear All


Download WinPFind to your C Drive.
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wa:4100

O4 - HKLM\..\Run: [8fb15ab6.exe] C:\WINDOWS\system32\8fb15ab6.exe

O4 - HKCU\..\Run: [8fb15ab6.exe] C:\Documents and Settings\home\Local Settings\Application Data\8fb15ab6.exe

O14 - IERESET.INF: START_PAGE_URL=http://wa:4100

O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\winrzf32.dll
    C:\WINDOWS\system32\8fb15ab6.exe
    C:\Documents and Settings\home\Local Settings\Application Data\8fb15ab6.exe
    c:\windows\downloaded program files\gdnUS2338.exe
    C:\Documents and Settings\home\Favorites\~ VIP Free Porn ~.url


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Reboot into SAFE MODE (Tap F8 when restarting)

From the WinPFind folder-> Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Restart the Machine and Please run the F-Secure Online Scanner
  • Follow the directions in the F-Secure page for proper Installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, Click Custom Scan and be sure the following are checked.
    • Scan whole System
    • Scan all files
    • Scan whole system for rootkits
    • Scan whole system for spyware
    • Scan inside archives
    • Use advanced heuristics
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the I want to decide item by item button.
  • For each item found, Select Disinfect and Click Next
  • Click the Show Report button and Copy & Paste the entire report in your next reply.
Post back with a fresh HijackThis log and the reports from WinPFind and F-Secure
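
The fresh log requested above is what shows whether the fixed entries are really gone. The Python below is an added example, not part of the original thread and not HijackThis's own code: it parses HijackThis entry lines and reports which entries marked for fixing still appear in a later log. The parsing rules and the function names are assumptions based on the line shapes visible in this thread; the sample lines are copied from the logs posted here.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    section: str        # HijackThis section code, e.g. "R1", "O4", "O20"
    kind: str           # registry location or entry type
    name: str           # value name / notify name ("" if the line has none)
    target: str         # file path or URL the entry points at
    file_missing: bool  # True when the line ends with "(file missing)"


LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING = "(file missing)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry line; return None for headers and process paths."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    kind, name, target = body, "", ""
    if section.startswith("R") and " = " in body:
        # R1 - <registry key>,<value name> = <data>
        left, target = body.split(" = ", 1)
        kind, _, name = left.rpartition(",")
    elif ": " in body:
        kind, rest = body.split(": ", 1)
        run = re.match(r"^\[(.+?)\] (.*)$", rest)
        if run:                   # O4 - HKLM\..\Run: [name] command
            name, target = run.groups()
        elif " - " in rest:       # O20 - Winlogon Notify: name - dll
            name, target = rest.split(" - ", 1)
        elif "=" in rest:         # O14 - IERESET.INF: NAME=value
            name, target = rest.split("=", 1)
        else:
            target = rest
    return Entry(section, kind.strip(), name.strip(), target.strip(), missing)


def key(e: Entry) -> Tuple[str, str, str]:
    """Identity of an entry, ignoring the path so a moved or deleted file still matches."""
    return (e.section, e.kind.lower(), e.name.lower())


def leftovers(fixed_text: str, followup_text: str) -> List[Entry]:
    """Entries from the follow-up log that match an entry that was marked for fixing."""
    fixed = {key(e) for e in map(parse_line, fixed_text.splitlines()) if e}
    found = (parse_line(line) for line in followup_text.splitlines())
    return [e for e in found if e and key(e) in fixed]


# Entries the helper asked to be checked and fixed (copied from this thread).
FIXED = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wa:4100
O4 - HKLM\..\Run: [8fb15ab6.exe] C:\WINDOWS\system32\8fb15ab6.exe
O4 - HKCU\..\Run: [8fb15ab6.exe] C:\Documents and Settings\home\Local Settings\Application Data\8fb15ab6.exe
O14 - IERESET.INF: START_PAGE_URL=http://wa:4100
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
"""

# Short excerpt of the follow-up HijackThis log posted later in this thread.
FOLLOWUP = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
"""

if __name__ == "__main__":
    for e in leftovers(FIXED, FOLLOWUP):
        state = "registry entry remains, file gone" if e.file_missing else "still present"
        print(f"{e.section} {e.kind}: {e.name} -> {e.target} ({state})")
```

On this excerpt the only match is the `winrzf32` Winlogon Notify entry: the DLL is no longer on disk, but the entry that referenced it is still listed and needs another fix pass.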

#5 MongoJerry36

  • Topic Starter

Posted 10 June 2006 - 08:08 PM

Hello,
I followed all of the instructions and I think that they have worked. Can I delete the reports, ewido, smit, killbox, winpfind and the reports? Also, in my Internet Explorer dropdown bar, there are like 50 sites that won't go away. I used the disk cleanup, and tried to delete it while not running Internet Explorer, but they won't go away.
I also do not see any more pop ups. But when I ran the F-Secure scan, along with the Panda, they quit in the middle and I had to restart. The second time through on both worked.

Also how many processes should there be running, should there be more because this is a tablet, but on my home there is 40 and on my tablet there is 58-60. The tablet is the one that we are working on.

Here are the HijackThis, WinPFind and F-Secure, please let me know if there is something wrong.

Thanks,
Rick

F-Secure

Scanning Report
Saturday, June 10, 2006 18:19:19 - 20:50:42

Computer name: KRD52505H0
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 1 malware found
Trojan-Downloader.Win32.Small.dag (virus)

* C:\!KillBox\gdnUS2338.exe (Renamed & Submitted)

Statistics
Scanned:

* Files: 164274
* System: 4427
* Not scanned: 26

Actions:

* Disinfected: 0
* Renamed: 1
* Deleted: 0
* None: 0
* Submitted: 1

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\VIRTPART.DAT
* C:\WINDOWS\SYSTEM32\BIOS1.ROM
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* C:\PROGRAM FILES\PROJECT64 1.6\SAVE\POKEMON STADIUM.FLA
* C:\Program Files\McAfee.com\Agent\Uninst\mpfrem.ui\appconst.vbs
* C:\Program Files\McAfee.com\Agent\Uninst\screm.ui\agntcons.vbs
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
* C:\Program Files\Bluesocket MS IPSec Configuration Tool\MDAC.MSM\stream 2
* C:\I386\BIOS1.RO_
* C:\DOCUMENTS AND SETTINGS\US\APPLICATION DATA\MICROSOFT\CLR SECURITY CONFIG\V1.0.3705\SECURITY.CONFIG
* C:\DOCUMENTS AND SETTINGS\US\APPLICATION DATA\MACROMEDIA\SHOCKWAVE PLAYER\DIRAPI.MCH
* C:\DOCUMENTS AND SETTINGS\US\APPLICATION DATA\MACROMEDIA\SHOCKWAVE PLAYER\SHOCKWAVE LOG
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\HOME\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\HOME\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.BAK

WinPFind
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 3/30/2003 10:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 4/10/2006 1:00:34 PM 555824 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 12/10/2004 7:53:58 AM 70144 C:\WINDOWS\SYSTEM32\MODSource.ax
PECompact2 5/3/2006 9:26:24 PM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 5/3/2006 9:26:24 PM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 3/30/2003 10:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6/10/2006 4:40:16 PM S 2048 C:\WINDOWS\bootstat.dat
6/4/2006 12:58:36 AM H 54156 C:\WINDOWS\QTFont.qfn
5/22/2006 5:56:36 PM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
5/22/2006 5:56:36 PM RH 0 C:\WINDOWS\assembly\pubpol1.dat
5/22/2006 6:04:20 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
5/22/2006 6:04:26 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
6/10/2006 4:39:06 PM S 64 C:\WINDOWS\CSC\00000001
4/18/2006 3:17:08 AM S 14054 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
6/10/2006 4:40:02 PM H 8192 C:\WINDOWS\system32\config\default.LOG
6/10/2006 4:40:28 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
6/10/2006 4:40:18 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
6/10/2006 4:40:30 PM H 77824 C:\WINDOWS\system32\config\software.LOG
6/10/2006 4:40:22 PM H 1105920 C:\WINDOWS\system32\config\system.LOG
5/29/2006 12:14:34 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
4/28/2006 6:15:42 PM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
5/29/2006 10:59:18 AM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
4/28/2006 6:15:42 PM S 70226 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
4/28/2006 6:15:42 PM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
5/29/2006 10:59:18 AM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
4/28/2006 6:15:42 PM S 128 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
5/22/2006 3:30:02 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\ed261dc2-b31a-43b8-af02-cacdd8be79c7
5/22/2006 3:30:02 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
6/10/2006 4:39:08 PM H 6 C:\WINDOWS\Tasks\SA.DAT
6/10/2006 2:40:58 PM HS 113 C:\WINDOWS\temp\History\History.IE5\desktop.ini
6/10/2006 2:40:58 PM HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\desktop.ini
6/10/2006 2:40:58 PM HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\F921YB1M\desktop.ini
6/10/2006 2:40:58 PM HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\KIRELLCJ\desktop.ini
6/10/2006 2:40:58 PM HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\TOLDK8I3\desktop.ini
6/10/2006 2:40:58 PM HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\UJSZEH4X\desktop.ini

Checking for CPL files...
5/25/2004 12:06:58 PM 417792 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
WIDCOMM, Inc. 9/12/2003 11:43:12 AM 245819 C:\WINDOWS\SYSTEM32\btcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
9/27/2004 11:15:56 AM 86016 C:\WINDOWS\SYSTEM32\GovCPL.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 3/30/2003 10:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/30/2003 10:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 9/22/2003 12:10:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 3/30/2003 10:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 1:41:28 AM 148992 C:\WINDOWS\SYSTEM32\tabletpc.cpl
Microsoft Corporation 3/30/2003 10:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
2/17/2004 6:11:00 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/4/2006 11:40:54 AM 681 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
5/21/2003 8:48:20 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
5/21/2003 1:32:10 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
5/21/2003 8:48:20 AM HS 84 C:\Documents and Settings\home\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
5/21/2003 1:32:10 AM HS 62 C:\Documents and Settings\home\Application Data\desktop.ini
6/3/2004 5:23:04 PM 0 C:\Documents and Settings\home\Application Data\dm.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ViewpointPhotosExt
{28710882-150A-48A6-A858-2FC774BA822E} = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewpointPhotosShellExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ViewpointPhotosExt
{28710882-150A-48A6-A858-2FC774BA822E} = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewpointPhotosShellExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}
= C:\Program Files\Common Files\Zinio\ZSHExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Viewpoint Toolbar BHO = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} = Viewpoint Toolbar : C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}
ButtonText = @btrez.dll,-4015 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TabletTip "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz rundll32 nview.dll,nViewLoadHook
AGRSMMSG AGRSMMSG.exe
IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
hpqMcSrv "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
Cpqset C:\Program Files\HPQ\Default Settings\cpqset.exe
TabletWizard C:\WINDOWS\help\SplshWrp.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Bluesocket "C:\Program Files\Bluesocket MS IPSec Configuration Tool\Bluesocket MS IPsec Config Tool.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray C:\PROGRA~1\SYMANT~1\VPTray.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
NGClient C:\Program Files\Symantec\Ghost\ngctw32.exe
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
MPFExe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
HP Mobile Printing C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
Zinio DLM C:\Program Files\Zinio\ZDLM.exe /hide

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Q Menu
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item QICON
hkey HKLM
command C:\Program Files\HPQ\Q Menu\QICON.EXE -QICON
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoActiveDesktopChanges 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key qSvi&k
FileName0 C:\WINDOWS\System32\RSACi.rat
WarnOnOff 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0
NoAddingComponents 0
NoComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoCloseDragDropBands 0
NoMovingBands 0
NoHTMLWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0
ForceActiveDesktopOn 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoDispAppearancePage 0
NoColorChoice 0
NoSizeChoice 0
NoDispBackgroundPage 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey
= C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINDOWS\system32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL
= TabBtnWL.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify
= tpgwlnot.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrzf32
= winrzf32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/10/2006 4:49:37 PM


HiJack This


Logfile of HijackThis v1.99.1
Scan saved at 9:05:10 PM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Bluesocket MS IPSec Configuration Tool\Bluesocket MS IPsec Config Tool.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\home\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] rundll32 nview.dll,nViewLoadHook
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Bluesocket] "C:\Program Files\Bluesocket MS IPSec Configuration Tool\Bluesocket MS IPsec Config Tool.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZDLM.exe /hide
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129826057280
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ndhs.com
O17 - HKLM\Software\..\Telephony: DomainName = ndhs.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ndhs.com
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: Bluesocket IPSec Service (BlueService) - Bluesocket Inc. - C:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GoverLAN Service (GOVsrv) - PJ Technologies, Inc. - C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#6 Guest_Cretemonster_*


Posted 10 June 2006 - 08:43 PM

Allrighty, have HijackThis fix this entry:

O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)


Click Start-> Run-> Type in Services.msc and Click OK

Scroll that list and locate this entry

Machine Debug Manager (MDM)

Right Click that entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Manual

Click Apply-> OK and Exit the Services Page


If you don't use it, remove ViewPoint from Add\Remove Programs.


You can also go through all your O4s in HijackThis and google the filename, read some of the returns and you'll see what's needed and not.

You can disable much of this through Msconfig.

Before getting rid of the ewido log, can you repost the log so I can see the entire thing?



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#7 MongoJerry36


Posted 10 June 2006 - 10:31 PM

KASPERSKY ON-LINE SCANNER REPORT
Saturday, June 10, 2006 11:25:53 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 11/06/2006
Kaspersky Anti-Virus database records: 199794
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
Scan Statistics
Total number of scanned objects 69007
Number of viruses found 4
Number of infected objects 5
Number of suspicious objects 0
Duration of the scan process 01:11:40

Infected Object Name Virus Name Last Action
C:\!KillBox\gdnUS2338.0xe Infected: Trojan-Downloader.Win32.Small.dag skipped
C:\System Volume Information\_restore{5C698C25-75B8-408B-9541-16068DBADF18}\RP32\A0000688.exe Infected: Trojan-Downloader.Win32.Zlob.obfuscated skipped
C:\System Volume Information\_restore{5C698C25-75B8-408B-9541-16068DBADF18}\RP32\A0000756.dll Infected: Trojan-Downloader.Win32.IstBar.ff skipped
C:\System Volume Information\_restore{5C698C25-75B8-408B-9541-16068DBADF18}\RP32\A0000771.dll Infected: Trojan.Win32.Agent.vg skipped
C:\System Volume Information\_restore{5C698C25-75B8-408B-9541-16068DBADF18}\RP33\A0000790.exe Infected: Trojan-Downloader.Win32.Small.dag skipped
Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 11:29:01 PM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Bluesocket MS IPSec Configuration Tool\Bluesocket MS IPsec Config Tool.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\home\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] rundll32 nview.dll,nViewLoadHook
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Bluesocket] "C:\Program Files\Bluesocket MS IPSec Configuration Tool\Bluesocket MS IPsec Config Tool.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZDLM.exe /hide
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129826057280
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ndhs.com
O17 - HKLM\Software\..\Telephony: DomainName = ndhs.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ndhs.com
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluesocket IPSec Service (BlueService) - Bluesocket Inc. - C:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GoverLAN Service (GOVsrv) - PJ Technologies, Inc. - C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
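
As an added example (not part of any post in this thread, and not HijackThis's own code): a short Python script that compares two HijackThis scans to confirm that the entries a helper asked to have fixed are gone and to surface anything new that needs explaining. The `BEFORE` and `AFTER` excerpts are copied from the log posted just before reply #6 and from the log in post #7; the function names are hypothetical.

```python
"""Compare two HijackThis scans and confirm requested fixes took effect."""
import re

# Entry lines look like "O20 - Winlogon Notify: name - file".
# Section ids start with R, F, N or O followed by a number.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Excerpts copied from the two logs posted in this thread (not the full logs).
BEFORE = r"""
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
"""

AFTER = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_scan(text):
    """Return {normalized_key: (section, original_line)} for each entry line."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, the process list and blank lines
        # Windows paths are case-insensitive, so compare case-folded text
        # with runs of whitespace collapsed.
        key = " ".join(line.split()).casefold()
        entries[key] = (match.group(1), line)
    return entries


def missing_file_entries(text):
    """Entries whose target HijackThis reported as '(file missing)'."""
    return [line for _, line in parse_scan(text).values()
            if "(file missing)" in line]


def compare_scans(before, after):
    """Return (removed, added) entry lines between two scans."""
    old, new = parse_scan(before), parse_scan(after)
    removed = [old[k][1] for k in old if k not in new]
    added = [new[k][1] for k in new if k not in old]
    return removed, added


def verify_fixes(before, after, requested):
    """Report, per requested substring, whether matching entries are gone."""
    old = [line.casefold() for _, line in parse_scan(before).values()]
    new = [line.casefold() for _, line in parse_scan(after).values()]
    status = {}
    for needle in requested:
        n = needle.casefold()
        if any(n in line for line in new):
            status[needle] = "still present"
        elif any(n in line for line in old):
            status[needle] = "removed"
        else:
            status[needle] = "not in either scan"
    return status


if __name__ == "__main__":
    print("Dangling entries before:", missing_file_entries(BEFORE))
    removed, added = compare_scans(BEFORE, AFTER)
    for line in removed:
        print("- " + line)
    for line in added:
        print("+ " + line)  # new entries should be traceable to a known action
    print(verify_fixes(BEFORE, AFTER, ["winrzf32", "Viewpoint"]))
```

The one added entry in this comparison is the Kaspersky ActiveX control (`CKAVWebScan Object`), which is accounted for by the online scan requested in reply #6.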

#8 Guest_Cretemonster_*


Posted 11 June 2006 - 06:32 AM

Check out theeldergeek for an XP services guide.

You may find some services that are unneeded.


Please install these 2 to add to the security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/downloads.html
Update immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?

#9 MongoJerry36


Posted 11 June 2006 - 11:45 AM

Everything seems to be working pretty good, except for one thing. In my Internet Explorer dropdown bar, there are like 50 sites that won't go away. I used the disk cleanup, and tried to delete it while not running Internet Explorer, but they won't go away. Is my log clean?

Thanks
Rick

Logfile of HijackThis v1.99.1
Scan saved at 12:42:24 PM, on 6/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Bluesocket MS IPSec Configuration Tool\Bluesocket MS IPsec Config Tool.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\home\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] rundll32 nview.dll,nViewLoadHook
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Bluesocket] "C:\Program Files\Bluesocket MS IPSec Configuration Tool\Bluesocket MS IPsec Config Tool.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129826057280
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ndhs.com
O17 - HKLM\Software\..\Telephony: DomainName = ndhs.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ndhs.com
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluesocket IPSec Service (BlueService) - Bluesocket Inc. - C:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoverLAN Service (GOVsrv) - PJ Technologies, Inc. - C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#10 Guest_Cretemonster_*


Posted 11 June 2006 - 12:12 PM

Open Internet Explorer--> Click Tools--> Internet Options

Click On Clear History--> Delete Files--> Delete Cookies

Close out IE

Re Open IE

See if the address bar is cleared?

Edited by Cretemonster, 11 June 2006 - 12:12 PM.


#11 MongoJerry36


Posted 11 June 2006 - 02:09 PM

It is still there. Is there a way that I can uninstall and reinstall Internet Explorer? The sites just won't go away. I also tried to delete them by going to Control Panel and Internet Options, and nothing worked.

#12 Guest_Cretemonster_*


Posted 11 June 2006 - 02:49 PM

Hmmm, let me look around a bit and see what I find.


Have you checked in Internet Options, the Trusted and Restricted Zones?

#13 Guest_Cretemonster_*


Posted 11 June 2006 - 02:56 PM

Let's give this tool a run.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

#14 MongoJerry36


Posted 11 June 2006 - 03:39 PM

It deleted all of the online content with all the sites, but the offline content is still there.

#15 Guest_Cretemonster_*


Posted 11 June 2006 - 03:44 PM

The offline content didn't get cleaned up with Disk Cleanup, or was that option available?



