
Zlob And Adware Quake


  • This topic is locked
9 replies to this topic

#1 exuion

exuion

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 12 June 2006 - 11:40 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:34:17 PM, on 6/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Keyboard Mouse Tool\mouse32a.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\bfcb963e.exe
C:\WINDOWS\System32\68e8f6f7.exe
C:\DOCUME~1\Ex\MYDOCU~1\SKS~1\mshta.exe
C:\WINDOWS\ICROSO~1\POOLSV~1.EXE
C:\Program Files\COMPAQ\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Keyboard Mouse Tool\KbdAp32A.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cleanmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: (no name) - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
N2 - Netscape 6: # Mozilla User Preferences
// This is a generated file!

user_pref("browser.cache.directory", "C:\\Documents and Settings\\Ex\\Application Data\\Mozilla\\Profiles\\default\\c1imlt9m.slt\\Cache");
user_pref("browser.history.last_page_visited", "http://www.bestbuy.com/");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage_override.1", false);
user_pref("prefs.converted-to-utf8", true);
user_pref("signon.SignonFileName", "95584350.s");
user_pref("timebomb.first_launch_time", "1095528285545000");
user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");
(C:\Documents and Settings\Ex\Application Data\Mozilla\Profiles\default\c1imlt9m.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Keyboard Mouse Tool\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Keyboard Mouse Tool\MMKEYBD.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [bfcb963e.exe] C:\WINDOWS\System32\bfcb963e.exe
O4 - HKLM\..\Run: [68e8f6f7.exe] C:\WINDOWS\System32\68e8f6f7.exe
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [bfcb963e.exe] C:\Documents and Settings\Ex\Local Settings\Application Data\bfcb963e.exe
O4 - HKCU\..\Run: [Aaou] "C:\DOCUME~1\Ex\MYDOCU~1\SKS~1\mshta.exe" -vt yazr
O4 - HKCU\..\Run: [Vfu] C:\WINDOWS\ICROSO~1\POOLSV~1.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [68e8f6f7.exe] C:\Documents and Settings\Ex\Local Settings\Application Data\68e8f6f7.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\COMPAQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm117BQUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {530D46E0-764F-4B43-8A2B-43D634AC8E74} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect1.gravity.co.kr/nprotect/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect1.gravity.co.kr/nprotect/nPKeyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4580F45D-D7D4-4A24-B9C2-8CE4A19FA379}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4580F45D-D7D4-4A24-B9C2-8CE4A19FA379}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\userinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuhl32 - C:\WINDOWS\SYSTEM32\winuhl32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


#2 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  •  
  • Location:127.0.0.1
  • Local time:04:22 AM

Posted 13 June 2006 - 02:14 AM

Hello,

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1 for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here to get Service Pack 1

Warning: You must only update to Service Pack 1, and not Service Pack 2. Doing this before your computer is clean can cause Windows to become unstable. We will update to SP2 after the log is clean.

After you have updated your computer to SP1, please restart your computer and post a new HJT log.
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#3 exuion

exuion
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 13 June 2006 - 09:25 PM

I installed WinSP 1. Sorry about that; the new log file is here:

Logfile of HijackThis v1.99.1
Scan saved at 7:19:54 PM, on 6/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Keyboard Mouse Tool\mouse32a.exe
C:\Program Files\Keyboard Mouse Tool\KbdAp32A.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\bfcb963e.exe
C:\WINDOWS\System32\68e8f6f7.exe
C:\Program Files\AIM\aim.exe
C:\DOCUME~1\Ex\MYDOCU~1\SKS~1\mshta.exe
C:\WINDOWS\ICROSO~1\POOLSV~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\COMPAQ\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: (no name) - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
N2 - Netscape 6: # Mozilla User Preferences
// This is a generated file!

user_pref("browser.cache.directory", "C:\\Documents and Settings\\Ex\\Application Data\\Mozilla\\Profiles\\default\\c1imlt9m.slt\\Cache");
user_pref("browser.history.last_page_visited", "http://www.bestbuy.com/");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage_override.1", false);
user_pref("prefs.converted-to-utf8", true);
user_pref("signon.SignonFileName", "95584350.s");
user_pref("timebomb.first_launch_time", "1095528285545000");
user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");
(C:\Documents and Settings\Ex\Application Data\Mozilla\Profiles\default\c1imlt9m.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Keyboard Mouse Tool\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Keyboard Mouse Tool\MMKEYBD.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [bfcb963e.exe] C:\WINDOWS\System32\bfcb963e.exe
O4 - HKLM\..\Run: [68e8f6f7.exe] C:\WINDOWS\System32\68e8f6f7.exe
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [bfcb963e.exe] C:\Documents and Settings\Ex\Local Settings\Application Data\bfcb963e.exe
O4 - HKCU\..\Run: [Aaou] "C:\DOCUME~1\Ex\MYDOCU~1\SKS~1\mshta.exe" -vt yazr
O4 - HKCU\..\Run: [Vfu] C:\WINDOWS\ICROSO~1\POOLSV~1.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [68e8f6f7.exe] C:\Documents and Settings\Ex\Local Settings\Application Data\68e8f6f7.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\COMPAQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm117BQUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {530D46E0-764F-4B43-8A2B-43D634AC8E74} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect1.gravity.co.kr/nprotect/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect1.gravity.co.kr/nprotect/nPKeyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4580F45D-D7D4-4A24-B9C2-8CE4A19FA379}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4580F45D-D7D4-4A24-B9C2-8CE4A19FA379}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\userinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuhl32 - C:\WINDOWS\SYSTEM32\winuhl32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#4 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  •  
  • Location:127.0.0.1
  • Local time:04:22 AM

Posted 14 June 2006 - 03:02 AM

You may want to print out these instructions or save them as a text document, and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. It is also important that you don't miss a step and that you perform everything in the right order.

=====================================

I see that you don't have any anti-virus running on your machine. This is very important, because without it, it is like begging for all the viruses to get inside your PC. Anti-virus software will serve as your shield against these bad guys.

Download and install :
AVG ANTIVIRUS FREE EDITION

Configure it how you wish then update it. Next, perform a full system scan. Remove/quarantine everything found. Reboot.

=====================================

Download smitRem.exe
  • Save it to your Desktop.
  • Double-click the file to extract it to its own folder on the desktop.
Download ATF Cleaner
  • Save it to your Desktop.
  • Do not run it yet. We will use this later.
Download Ewido Anti-Malware
  • Install Ewido.
  • When installing, under Additional Options, uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch Ewido.
  • The program will now open the main screen.
  • You will need to update ewido to the latest definition files
    • On the left hand side of the main screen click update.
    • Then click on the Start Update button.
  • The update will start and a progress bar will show the updates being installed.
  • After it has finished, close Ewido. We will use it later.
  • If you are having problems with the updater, you can use this link to manually update ewido » Ewido manual updates.
=====================================

Uninstall Programs
  • Click Start » Control Panel » Add/Remove Programs
  • Find and remove the following program(s) (if present):

    Viewpoint
    PuritySCAN By OIN
    OIN
    OuterInfo


  • Close Add/Remove Programs window after uninstalling.
  • Then please download and run this uninstaller: OiUninstaller.exe
=====================================

Show Hidden Files and Folders

Click Start » My Computer » Tools » Folder Options. Select the View tab.
  • Check - Show hidden files and folders
  • Uncheck - Hide file extensions for known types
  • Uncheck - Hide protected operating system files
Click Yes to confirm, then OK to exit.

=====================================

Reboot into Safe Mode
  • Restart your computer.
  • Before the Windows logo appears, tap F8 repeatedly.
  • A menu should appear. Select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
  • This will take longer than usual, so just wait.
=====================================

Please open HijackThis, click Do a system scan only, and then place a checkmark beside each of these entries:

R3 - URLSearchHook: (no name) - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [bfcb963e.exe] C:\WINDOWS\System32\bfcb963e.exe
O4 - HKLM\..\Run: [68e8f6f7.exe] C:\WINDOWS\System32\68e8f6f7.exe
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKCU\..\Run: [bfcb963e.exe] C:\Documents and Settings\Ex\Local Settings\Application Data\bfcb963e.exe
O4 - HKCU\..\Run: [68f6f7.exe] C:\Documents and Settings\Ex\Local Settings\Application Data\68e8f6f7.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect1.gravity.co.kr/nprotect/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect1.gravity.co.kr/nprotect/nPKeyCrypt/npkcx.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\userinit.dll
O20 - Winlogon Notify: winuhl32 - C:\WINDOWS\SYSTEM32\winuhl32.dll

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

Locate and delete the following file(s), if present:

C:\WINDOWS\SYSTEM32\winuhl32.dll
C:\WINDOWS\System32\userinit.dll
C:\WINDOWS\System32\bfcb963e.exe
C:\WINDOWS\System32\68e8f6f7.exe
C:\Documents and Settings\Ex\Local Settings\Application Data\68e8f6f7.exe
C:\Documents and Settings\Ex\Local Settings\Application Data\bfcb963e.exe

Locate and delete the following folder(s), if present:

C:\Program Files\PurityScan
C:\Program Files\Viewpoint\

=====================================

Run smitRem
  • Open the smitRem folder, then double click the RunThis.bat file to start the tool.
  • Follow the prompts on screen.
  • Wait for the tool to complete and disk cleanup to finish.
  • The tool will create a log found in C:\smitfiles.txt. I will need you to post that later.
=====================================

Run ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

=====================================

Run Ewido
  • Please close all Windows, Programs or Browsers.
  • Open Ewido.
  • Click on scanner at the left side, then click on Complete System Scan.
    • Please don't use the computer while scanning
    • If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose Clean and click Ok.
  • Once the scan has completed, click the button located on the bottom of the screen named Save report.
  • Save the report to your Desktop.
  • Close Ewido.
=====================================

Go to Start | Control Panel | Display | Desktop tab | Customize Desktop button | Web tab.
  • Under Web Pages you should see a checked entry called Security info or something similar.
  • If it is there, select that entry and click the Delete button.
  • Click OK, then Apply, and lastly OK.
=====================================

Restart your computer

=====================================

Run an online scan at Panda's ActiveScan
  • Please go here using Internet Explorer.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open, click the big Check Now button.
    • Enter your Country.
    • Enter your State/Province.
    • Enter your e-mail address and click send.
    • Select either Home User or Company.
    • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan.
  • When the download is complete, click on My Computer to start the scan.
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

=====================================

In your next reply, please include these log(s):
  • HijackThis log (new)
  • C:\smitfiles.txt
  • Ewido
  • Panda

Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.
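Checking the follow-up HijackThis log requested above means confirming, for every entry on the fix list, that the entry is no longer listed and that its file is no longer among the running processes. The following is an added example, not part of the original posts or of HijackThis itself: a Python check that makes this comparison. The function names and the follow-up log excerpt are constructed for illustration; the fix-list lines are copied from the post above.

```python
import re
from ntpath import basename, normcase  # Windows path rules, usable on any OS

# "O4 - ...", "R3 - ...", "O20 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First local file path in an entry body (URLs such as http://... do not match).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll|tmp)', re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into (running process paths, entry lines)."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            processes.add(normcase(line))
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def split_entry(line):
    """Return (section, target path or None, identity) for one entry line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    found = PATH_RE.search(rest)
    # Paths are compared case-insensitively; 8.3 short names (PROGRA~1)
    # cannot be expanded offline and are compared as written.
    target = normcase(found.group(0)) if found else None
    # Identity is section + file path, so a change in spacing, case or the
    # value name does not hide an entry that still loads the same file.
    return section, target, (section, target or rest.lower())


def verify_fix(fix_list, followup_log):
    """Report, per fix-list entry, whether it survived into the new log."""
    processes, entries = parse_log(followup_log)
    still_listed = {split_entry(e)[2] for e in entries}
    report = []
    for line in fix_list.splitlines():
        parsed = split_entry(line)
        if parsed is None:
            continue
        section, target, identity = parsed
        report.append({
            "entry": line.strip(),
            "file": basename(target) if target else None,
            "still_listed": identity in still_listed,
            "still_running": target in processes,
        })
    return report


# Four of the entries the helper asked to have fixed (copied from the post).
FIX_LIST = r"""
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O4 - HKLM\..\Run: [bfcb963e.exe] C:\WINDOWS\System32\bfcb963e.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - AppInit_DLLs: C:\WINDOWS\System32\userinit.dll
"""

# Constructed follow-up log excerpt (not a real scan), reusing paths from the thread.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\BFCB963E.EXE
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [bfcb963e.exe] C:\WINDOWS\System32\bfcb963e.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\userinit.dll
"""

if __name__ == "__main__":
    for row in verify_fix(FIX_LIST, FOLLOWUP_LOG):
        state = []
        if row["still_listed"]:
            state.append("entry still listed")
        if row["still_running"]:
            state.append("process still running")
        print(f"{'; '.join(state) or 'gone':40} {row['entry'][:60]}")
```

An entry that is still listed or still running after the fix usually means a step was skipped or the file was restored before the scan, which is why the follow-up log is compared line by line rather than skimmed.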

#5 exuion


Posted 15 June 2006 - 02:07 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:02:25 AM, on 6/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Keyboard Mouse Tool\mouse32a.exe
C:\Program Files\Keyboard Mouse Tool\KbdAp32A.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\bfcb963e.exe
C:\WINDOWS\System32\68e8f6f7.exe
C:\DOCUME~1\Ex\MYDOCU~1\SKS~1\mshta.exe
C:\WINDOWS\ICROSO~1\POOLSV~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\COMPAQ\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: (no name) - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
N2 - Netscape 6: # Mozilla User Preferences
// This is a generated file!

user_pref("browser.cache.directory", "C:\\Documents and Settings\\Ex\\Application Data\\Mozilla\\Profiles\\default\\c1imlt9m.slt\\Cache");
user_pref("browser.history.last_page_visited", "http://www.bestbuy.com/");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage_override.1", false);
user_pref("prefs.converted-to-utf8", true);
user_pref("signon.SignonFileName", "95584350.s");
user_pref("timebomb.first_launch_time", "1095528285545000");
user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");
(C:\Documents and Settings\Ex\Application Data\Mozilla\Profiles\default\c1imlt9m.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Keyboard Mouse Tool\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Keyboard Mouse Tool\MMKEYBD.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [bfcb963e.exe] C:\WINDOWS\System32\bfcb963e.exe
O4 - HKLM\..\Run: [68e8f6f7.exe] C:\WINDOWS\System32\68e8f6f7.exe
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [bfcb963e.exe] C:\Documents and Settings\Ex\Local Settings\Application Data\bfcb963e.exe
O4 - HKCU\..\Run: [Aaou] "C:\DOCUME~1\Ex\MYDOCU~1\SKS~1\mshta.exe" -vt yazr
O4 - HKCU\..\Run: [Vfu] C:\WINDOWS\ICROSO~1\POOLSV~1.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [68e8f6f7.exe] C:\Documents and Settings\Ex\Local Settings\Application Data\68e8f6f7.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\COMPAQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm117BQUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {530D46E0-764F-4B43-8A2B-43D634AC8E74} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect1.gravity.co.kr/nprotect/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect1.gravity.co.kr/nprotect/nPKeyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4580F45D-D7D4-4A24-B9C2-8CE4A19FA379}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4580F45D-D7D4-4A24-B9C2-8CE4A19FA379}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\userinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuhl32 - C:\WINDOWS\SYSTEM32\winuhl32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#6 exuion


Posted 20 June 2006 - 06:18 PM

Yes! Problem solved, thanks for all the help Jag11!!

#7 Jag11


Posted 21 June 2006 - 03:38 AM

It looks like nothing has changed in the log. Are you sure you followed all of my instructions?

Also, can I see these logs?

  • C:\smitfiles.txt
  • Ewido
  • Panda

#8 exuion


Posted 22 June 2006 - 01:36 AM

Oh sorry, that was a post from some weird lag... didn't mean to post it.
I cleaned the cookies later, so don't mind the cookies.
And Panda was really, really slow... so I gave up on it around 30% -- 3Hr time elapsed
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:28:26 PM, 6/16/2006
+ Report-Checksum: 4B12BA2

+ Scan result:

HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.405:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.423:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.456:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.458:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.459:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.480:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.482:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.489:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.490:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.491:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.492:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.493:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.551:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.552:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.553:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.556:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.568:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Adition : Cleaned with backup
:mozilla.569:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Adition : Cleaned with backup
:mozilla.570:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.571:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.572:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.573:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.574:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.575:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.576:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.579:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.607:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.612:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.613:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.614:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.640:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.641:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.642:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.643:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.644:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.747:C:\Documents and Settings\Ex\Application Data\Mozilla\Firefox\Profiles\ozmmkgyw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@ad.adition[2].txt -> TrackingCookie.Adition : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@e-2dj6wjkychc5ifp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@e-2dj6wjkychdpkap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@e-2dj6wjnyckcpoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@e-2dj6wjnygpazeho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@lovefreegames.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@ppms.popularix[1].txt -> TrackingCookie.Popularix : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@prizeamerica.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4clc5ebpq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkospdjcboaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkouocjeloasdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlogiajelqaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ex\Cookies\ex@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Ex\Local Settings\Temporary Internet Files\Content.IE5\8LUFOPYJ\download[1].htm -> Adware.DealHelper : Cleaned with backup
C:\Documents and Settings\Ex\Local Settings\Temporary Internet Files\Content.IE5\K1IJO5UZ\download[1].htm -> Adware.DealHelper : Cleaned with backup
C:\Documents and Settings\Ex\Local Settings\Temporary Internet Files\Content.IE5\K5GHEN4H\ysb_prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Ex\Local Settings\Temporary Internet Files\Content.IE5\O523STIJ\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Ex\Local Settings\Temporary Internet Files\Content.IE5\O523STIJ\drsmartload_js[2].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Ex\Local Settings\Temporary Internet Files\Content.IE5\O523STIJ\prompt[2].php -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Ex\Local Settings\Temporary Internet Files\Content.IE5\O523STIJ\prompt[3].php -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Ex\Local Settings\Temporary Internet Files\Content.IE5\O5EV8XAF\AutoUpdaterInstaller[1].exe -> Downloader.Apropo.g : Cleaned with backup
C:\Documents and Settings\Ex\Local Settings\Temporary Internet Files\Content.IE5\QFCNIR6T\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Program Files\Aprps -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_08-08-2005.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\atl.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\data.bin -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\ProxyStub.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\oeunist.exe -> Downloader.IstBar.er : Cleaned with backup
C:\WINDOWS\system32\dun.exe -> Adware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\Iotlkb.exe -> Adware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\Uilewh.exe -> Adware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\YazzleActiveX.oc$ -> Adware.MediaTickets : Cleaned with backup


::Report End


smitRem © log file
version 3.0

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Fri 06/16/2006
The current time is: 18:32:45.96

Running from
C:\Documents and Settings\Ex\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{315f73fc-a7b1-49e6-a3c4-cc00cf8a3fdb}"="fossilage"
"{9ae613a2-a13b-4379-8d0e-86a1a78476ec}"="corindon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

rmzdzx.dll
erxbx.dll
regperf.exe
stdole3.tlb
amcompat.tlb
nscompat.tlb
1024 dir
ld****.tmp


~~~ Icons in System32 ~~~

ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 792 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{9ae613a2-a13b-4379-8d0e-86a1a78476ec}"="corindon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



Edited by exuion, 22 June 2006 - 01:37 AM.


#9 Jag11

Posted 22 June 2006 - 04:17 AM

Please download AproposFix from here
  • Save it to your Desktop.
  • Do not run it yet.
We will need to boot into Safe Mode:
  • Restart your computer.
  • As soon as it starts to boot, tap F8 repeatedly.
  • Select Safe Mode from the menu and then hit Enter.
  • If that doesn't work, click here.
Once you're in Safe Mode:
  • Double-click aproposfix.exe and unzip it to the Desktop.
  • Open the aproposfix folder on your Desktop.
  • Double-click RunThis.bat.
  • Follow the prompts.
When the tool is finished:
  • Reboot back into normal mode.
  • Post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

#10 Jag11

Posted 30 June 2006 - 03:46 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Regards,
Jet Ian
