Hijackthis Log Help


  • This topic is locked
47 replies to this topic

#1 smog

smog

  • Members
  • 24 posts

Posted 18 July 2006 - 11:32 PM

Not sure what the problem is, but I am pretty sure I have one.


Logfile of HijackThis v1.99.1
Scan saved at 11:30:39 PM, on 7/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\f83560ee.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\TEMP\win2FE.tmp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\aol\1142659333\ee\aim6.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 3.1\aoltbhelper.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AcademicPlanet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [f83560ee.exe] C:\WINDOWS\system32\f83560ee.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [f83560ee.exe] C:\Documents and Settings\Joe.VINCENT\Local Settings\Application Data\f83560ee.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: WebMail - {C80430A5-D20F-4ACF-9EF3-36DEE65C6B35} - http://webmail.academicplanet.com (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.academicplanet.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 20 July 2006 - 06:41 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do Not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, as it may interfere with the scanning process.
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido scan report along with a new hijackthis log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 smog

smog
  • Topic Starter

  • Members
  • 24 posts

Posted 20 July 2006 - 10:55 PM

OK, did exactly what you said...

Here's the Ewido report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:45:42 PM 7/20/2006

+ Scan result:



C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP816\A0280023.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP837\A0284586.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP841\A0284873.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285358.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{93ac7c30-3878-4eaa-9420-7977285df5b1} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1004336348-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285388.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP846\A0285242.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285284.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285386.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-1.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-10.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-11.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-12.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-13.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-14.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-15.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-16.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-17.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-18.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-19.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-2.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-20.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-21.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-22.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-24.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-25.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-26.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-27.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-28.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-29.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-3.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-30.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-31.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-32.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-33.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-34.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-35.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-36.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-37.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-38.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-39.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-4.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-40.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-41.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-42.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-44.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-45.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-46.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-47.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-48.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-49.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-5.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-57.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-58.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-59.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-6.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-60.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-61.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-62.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-63.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-64.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-65.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-66.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-67.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-68.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-69.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-7.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-70.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-71.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-72.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-73.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-74.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-75.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-76.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-77.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-78.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-79.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-8.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-80.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-81.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-82.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-83.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-85.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\snapshot\MFEX-9.DAT -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Downloads\Wheel_of_Fortune_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\BO2802040128.exe -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\pmkjj.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\xxyawvt.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP817\A0280112.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP841\A0284768.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP841\A0284884.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285360.exe -> Backdoor.VB.oq : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-602162358-1004336348-725345543-1005\Dc13\110094.dlr -> Dialer.Tibs.c : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\gdnUS2339.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285387.exe -> Downloader.PurityScan.cu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285363.exe -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285365.exe -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285366.exe -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285368.exe -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285369.exe -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285367.exe -> Downloader.Zlob.yu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285361.exe -> Downloader.Zlob.zd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285362.exe -> Downloader.Zlob.zd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP849\A0285562.dll -> Downloader.Zlob.zd : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\__delete_on_reboot__i_x_t_0_._d_l_l_ -> Downloader.Zlob.zd : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ishost.exe -> Downloader.Zlob.zh : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ismon.exe -> Downloader.Zlob.zh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285364.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\WINDOWS\browser.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4AD44405-0E5D-4228-8EE7-C88D8D857295}\RP847\A0285359.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
:mozilla.441:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.153:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.298:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.448:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe.VINCENT\Cookies\joe@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.319:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\Cookies\charlie@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.241:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.245:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe.VINCENT\Cookies\joe@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe.VINCENT\Cookies\joe@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.202:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.369:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\Cookies\charlie@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\Cookies\charlie@as.casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.334:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.456:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.457:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.368:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe.VINCENT\Cookies\joe@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\Cookies\charlie@e-2dj6wfliaoczcbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\Cookies\charlie@e-2dj6wflyelc5ofq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\Cookies\charlie@e-2dj6wjk4sgazsep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\Cookies\charlie@e-2dj6wjkosnczcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\Cookies\charlie@e-2dj6wjliojd5kdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\Cookies\charlie@e-2dj6wjny-1pcpka.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.272:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.258:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.396:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.397:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.398:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.399:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.436:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.300:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\Cookies\charlie@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.223:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.371:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.372:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.392:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
:mozilla.393:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe.VINCENT\Cookies\joe@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.345:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Charlie\Application Data\Netscape\NSB\Profiles\iivxvk4d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.347:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.348:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe.VINCENT\Cookies\joe@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.286:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.246:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.356:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\Cookies\charlie@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Joe.VINCENT\Application Data\Mozilla\Firefox\Profiles\ghllmtk4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.361:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.362:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.363:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.216:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.217:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.430:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\Cookies\charlie@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe.VINCENT\Local Settings\Temporary Internet Files\Content.IE5\PU6BI00K\bgates[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win2FE.tmp.exe -> Trojan.Dialer.u : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win2BB.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win2BD.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win2F1.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe.VINCENT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-6c522c5b-5991daeb.zip/web.exe -> Trojan.Revop.e : Cleaned with backup (quarantined).


::Report end



here's HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 10:52:42 PM, on 7/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
C:\WINDOW

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 21 July 2006 - 03:11 PM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 smog

smog
  • Topic Starter


Posted 21 July 2006 - 04:06 PM

ok i downloaded that but it didn't find anything

Logfile of HijackThis v1.99.1
Scan saved at 4:04:10 PM, on 7/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\f83560ee.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\lexpps.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\common files\aol\1142659333\ee\aim6.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?p=1153437291
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AcademicPlanet
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [f83560ee.exe] C:\WINDOWS\system32\f83560ee.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [f83560ee.exe] C:\Documents and Settings\Joe.VINCENT\Local Settings\Application Data\f83560ee.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WebMail - {C80430A5-D20F-4ACF-9EF3-36DEE65C6B35} - http://webmail.academicplanet.com (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.academicplanet.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 21 July 2006 - 04:11 PM

Please follow these steps:
  • Please make sure that you can View Hidden Files
    • Click Start -> My Computer
    • Select Tools -> Folder options
    • Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
    • Also make sure that 'Display the contents of system folders' is checked.
    • Make sure "Hide extensions for known file types" is unchecked
    • Make sure "Hide protected operating system files (recommended)" is unchecked
    • For more info on how to show hidden files click here.
  • Run Hijackthis again, click scan, and put a checkmark next to each of these. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.


    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [f83560ee.exe] C:\WINDOWS\system32\f83560ee.exe
    O4 - HKCU\..\Run: [f83560ee.exe] C:\Documents and Settings\Joe.VINCENT\Local Settings\Application Data\f83560ee.exe
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O20 - AppInit_DLLs:
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)



  • Please reboot your computer in SafeMode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.
    • If you have trouble getting into Safe mode go here for more info.
  • Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):


    C:\WINDOWS\system32\f83560ee.exe
    C:\Documents and Settings\Joe.VINCENT\Local Settings\Application Data\f83560ee.exe
Reboot your computer to go back to normal mode and post a new log.


I also need to see a different type of log from Hijackthis
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.


#7 smog

smog
  • Topic Starter


Posted 22 July 2006 - 06:05 PM

sorry it took so long to reply i had to work all day

k i deleted both those files in Safe mode they appear to have stayed gone

um ok when i click "save list" it just closes HJT and does nothing. is a file saving somewhere? or am i doing something wrong?

here's a regular HJT list

Logfile of HijackThis v1.99.1
Scan saved at 5:59:36 PM, on 7/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?p=1153437291
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AcademicPlanet
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WebMail - {C80430A5-D20F-4ACF-9EF3-36DEE65C6B35} - http://webmail.academicplanet.com (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.academicplanet.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:40 AM

Posted 22 July 2006 - 10:16 PM

um ok when i click "save list" it just closes HJT and does nothing. is a file saving somewhere? or am i doing something wrong?

It should be a text file named uninstall_list.txt in the same folder as Hijackthis.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 smog

smog
  • Topic Starter

  • Members
  • 24 posts
  • Local time:02:40 AM

Posted 23 July 2006 - 12:24 AM

..... ok i'm doing something wrong. i am in the folder that it's in on C:/program files/hjt
and that file isn't there ...i have searched for it and not found it.....

Edited by smog, 23 July 2006 - 01:10 AM.


#10 Buckeye_Sam


Posted 23 July 2006 - 01:49 PM

How about in this folder?

C:\Program Files\Hijackthis


No matter, we'll work around it for now.

Look in your Control Panel's Add/Remove Programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets



Let me know if any of these were present and removed.

Reboot and post a new hijackthis log.


========================================================

#11 smog


Posted 23 July 2006 - 10:22 PM

ok i looked real thoroughly and found none of those... but for the record in case it matters i noticed yazzle a while back but i knew what it was and removed it.

also i know something is still wrong because something keeps trying to use active x

here's the log

Logfile of HijackThis v1.99.1
Scan saved at 10:19:42 PM, on 7/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\f83560ee.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 3.1\aoltbhelper.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?p=1153437291
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AcademicPlanet
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [f83560ee.exe] C:\WINDOWS\system32\f83560ee.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [f83560ee.exe] C:\Documents and Settings\Joe.VINCENT\Local Settings\Application Data\f83560ee.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WebMail - {C80430A5-D20F-4ACF-9EF3-36DEE65C6B35} - http://webmail.academicplanet.com (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.academicplanet.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#12 Buckeye_Sam


Posted 24 July 2006 - 04:02 PM

Run Hijackthis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKLM\..\Run: [f83560ee.exe] C:\WINDOWS\system32\f83560ee.exe
O4 - HKCU\..\Run: [f83560ee.exe] C:\Documents and Settings\Joe.VINCENT\Local Settings\Application Data\f83560ee.exe



Delete these files.

C:\WINDOWS\system32\f83560ee.exe
C:\Documents and Settings\Joe.VINCENT\Local Settings\Application Data\f83560ee.exe



Reboot and post a new hijackthis log.


========================================================

#13 smog


Posted 25 July 2006 - 12:50 PM

that file was a pain i have deleted it like 8 times..... i finally took the time to look for more than just those 2 files... for the record there was another i think i got it now

here's the HJT

Logfile of HijackThis v1.99.1
Scan saved at 12:48:16 PM, on 7/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?p=1153437291
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AcademicPlanet
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WebMail - {C80430A5-D20F-4ACF-9EF3-36DEE65C6B35} - http://webmail.academicplanet.com (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.academicplanet.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#14 Buckeye_Sam


Posted 25 July 2006 - 06:10 PM

Your log looks pretty good, but I'm afraid there may be a few leftovers. Let's see what Panda picks up for us.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.



========================================================
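Added example, not part of the thread or of HijackThis itself: a small Python script that parses the O4 (registry autorun) lines of two HijackThis logs, flags entries like the f83560ee.exe pair fixed in post #12, and diffs the logs to confirm the fix that post #14 reviews. The embedded lines are an excerpt of the logs from posts #11 and #13; the three flagging heuristics and all function names are assumptions made for this illustration.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Excerpt of the O4 lines from the logs in posts #11 (before) and #13 (after).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [f83560ee.exe] C:\WINDOWS\system32\f83560ee.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [f83560ee.exe] C:\Documents and Settings\Joe.VINCENT\Local Settings\Application Data\f83560ee.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))\b", re.I)
# Assumed heuristic: 6-12 hex characters with at least one digit, e.g. "f83560ee".
HEX_STEM_RE = re.compile(r"^(?=.*\d)[0-9a-f]{6,12}$", re.I)
# Assumed heuristic: per-user data directories on Windows XP.
USER_WRITABLE = ("\\local settings\\application data\\", "\\local settings\\temp\\")


def parse_autoruns(log_text):
    """Return the registry autorun entries (O4 HKLM/HKCU lines) of a log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # Startup-folder shortcuts and other sections are skipped
        cmd = m["cmd"].strip()
        if cmd.startswith('"') and '"' in cmd[1:]:
            path = cmd[1:cmd.index('"', 1)]          # quoted path, arguments dropped
        else:
            hit = EXE_RE.match(cmd)                  # unquoted path may contain spaces
            path = hit.group(1) if hit else cmd.split()[0]
        entries.append({"hive": m["hive"], "key": m["key"],
                        "name": m["name"], "path": path})
    return entries


def flag_suspicious(entries):
    """Return (hive, value name, path, reasons) for entries matching a heuristic."""
    dirs_by_file = {}
    for e in entries:
        directory, fname = ntpath.split(e["path"].lower())
        dirs_by_file.setdefault(fname, set()).add(directory)
    findings = []
    for e in entries:
        low = e["path"].lower()
        fname = ntpath.basename(low)
        reasons = []
        if HEX_STEM_RE.match(ntpath.splitext(fname)[0]):
            reasons.append("hex-looking file name")
        if len(dirs_by_file[fname]) > 1:
            reasons.append("same file name started from several directories")
        if any(part in low for part in USER_WRITABLE):
            reasons.append("runs from a per-user data directory")
        if reasons:
            findings.append((e["hive"], e["name"], e["path"], reasons))
    return findings


def autorun_key(e):
    return (e["hive"], e["key"], e["name"].lower(), e["path"].lower())


def diff_autoruns(before_text, after_text):
    """Return (removed, added) autorun entries between two logs."""
    before = {autorun_key(e) for e in parse_autoruns(before_text)}
    after = {autorun_key(e) for e in parse_autoruns(after_text)}
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    for hive, name, path, reasons in flag_suspicious(parse_autoruns(LOG_BEFORE)):
        print(f"[{hive}] {name} -> {path}: {'; '.join(reasons)}")
    removed, added = diff_autoruns(LOG_BEFORE, LOG_AFTER)
    print("removed:", removed)
    print("added:", added)
```

An empty result from `flag_suspicious` on the later log only shows that the Run values are gone; the ActiveScan report in post #15 still lists c:\windows\system32\f83560ee.exe on disk.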

#15 smog

smog
  • Topic Starter

  • Members
  • 24 posts

Posted 28 July 2006 - 11:23 PM

OK, I tried that scan like 8 times. It keeps crashing IE, but I did get this partial report:


Incident Status Location

Adware:Adware/SystemDoctor Not disinfected c:\windows\system32\f83560ee.exe
Adware:Adware/Miamore Not disinfected C:\WINDOWS\g3884390.dll
Adware:Adware/SuperSpider Not disinfected C:\WINDOWS\system32\winrvc32.dll
Virus:Trj/Delf.MH Disinfected Operating system
Adware:Adware/CWS Not disinfected C:\WINDOWS\g24885250.dll
Adware:adware/clicker.b Not disinfected c:\windows\system32\clbcatix.dll
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Dialer:dialer.no Not disinfected c:\windows\downloaded program files\rdgUS2404.exe
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Joe.VINCENT\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/iemenuextension Not disinfected c:\windows\IEMenuExtension.exe
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Adware:adware/cws Not disinfected C:\Documents and Settings\Joe.VINCENT\Favorites\Going Places
Adware:adware/miamore Not disinfected Windows Registry
Potentially unwanted tool:application/need2find Not disinfected hkey_current_user\software\Need2Find
Adware:adware/psic Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.peel.com/]
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.offeroptimizer.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6veil4hc.default\cookies.txt[.tickle.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Charlie\Cookies\charlie@2o7[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Charlie\Cookies\charlie@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Charlie\Cookies\charlie@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Charlie\Cookies\charlie@atwola[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Charlie\Cookies\charlie@banner[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Charlie\Cookies\charlie@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Charlie\Cookies\charlie@mediaplex[1].txt
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Charlie\Local Settings\Application Data\f83560ee.exe


HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:22:33 PM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\f83560ee.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\TEMP\winE2B.tmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.academicplanet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.academicplanet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AcademicPlanet
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142659333\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [f83560ee.exe] C:\WINDOWS\system32\f83560ee.exe
O4 - HKLM\..\RunOnce: [Panda_cleaner_193074] C:\WINDOWS\system32\ActiveScan\pavdr.exe xPanda ActiveScan 193074
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [f83560ee.exe] C:\Documents and Settings\Joe.VINCENT\Local Settings\Application Data\f83560ee.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WebMail - {C80430A5-D20F-4ACF-9EF3-36DEE65C6B35} - http://webmail.academicplanet.com (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.academicplanet.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe



