
I Can't Seem To Get Rid Of Trojan Cyv


  • This topic is locked
14 replies to this topic

#1 anesthesiaman

anesthesiaman

  • Members
  • 7 posts

Posted 06 August 2006 - 08:35 AM

Here is my HijackThis log that I just ran. Can anyone help me out? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 9:26:35 AM, on 8/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\Grxp4exe.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\win32086814839644.exe
C:\WINDOWS\system32\pwinnpez.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common Files\{58738034-086A-1033-0902-040406130001}\Update.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Drop Spam Toolbar - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - C:\Program Files\DropSpam\ewwie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {CE57DA55-F491-45C6-B3DB-6C98E4B17CDC} - C:\Program Files\Secretmaker\secretmakerie.dll (file missing)
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: SECRETMAKER - {7435856C-6CA1-45CF-A00D-82178387F223} - C:\Program Files\Secretmaker\secretmakerie.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [win32086814839644] C:\WINDOWS\win32086814839644.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwinnpez.exe CORN003
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [Dancer] "C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinnpez.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\Program Files\DropSpam\ewwie.dll (file missing)
O9 - Extra 'Tools' menuitem: Looksitup Toolbar - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\Program Files\DropSpam\ewwie.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124920855323
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD4CFC33-EF8B-4F65-B9F8-0C66852B7BD9}: NameServer = 65.24.7.3
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\fn0021dmg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)



#2 anesthesiaman

anesthesiaman
  • Topic Starter

  • Members
  • 7 posts

Posted 06 August 2006 - 10:32 AM

Thanks for the advice on using HijackThis. Using that program and Trend Micro identifying files, I was able to fix the problem.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 06 August 2006 - 10:40 AM

Hello,

Not sure what exactly you have been doing, but HijackThis only removes registry entries, not files.

I don't think that your problem is really solved now though, because you were dealing with a lot of different infections :thumbsup:

So, if you still need help, perform the next steps.

It is important you don't miss a step and perform everything in the right order!!

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

* Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the next programs if present:

Quicklinks
Forethought
FreezeScreenSaver (not recommended!)

Reboot afterwards.
After reboot,

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
(alcanshorty.bfu) manually from the above URL (right-click on it, choose 'save as' and save it in your BFU folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window.
Browse to the script you downloaded and click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

--------------------

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog and the log from Ewido.
You may need several replies to post the logs.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
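An added example, not part of the original thread or any poster's own code: a small Python parser that compares the O4 autorun entries of two HijackThis logs, which is the before/after check the requested "new hijackthislog" makes possible. The sample lines are excerpts of the 6 August log and of the 13 August log posted later in this thread; the function names are hypothetical.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    code: str           # HijackThis section code, e.g. "O4", "O2", "F2"
    body: str           # everything after "<code> - "
    file_missing: bool  # HijackThis appended "(file missing)"

# "<code> - <body>"; header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 registry autorun: HKLM\..\Run: [value name] command line
O4_REG_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.*)$")
# O4 startup-folder shortcut: Startup: name.lnk = target
O4_LNK_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")

def parse_log(text):
    """Return every section entry found in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            body = m.group(2)
            entries.append(
                Entry(m.group(1), body, body.endswith("(file missing)")))
    return entries

def autoruns(entries):
    """Map (location, name) -> command for all O4 entries."""
    found = {}
    for e in entries:
        if e.code != "O4":
            continue
        m = O4_REG_RE.match(e.body) or O4_LNK_RE.match(e.body)
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
    return found

def diff_autoruns(before_text, after_text):
    """Autorun keys removed, added, or re-pointed between two scans."""
    b = autoruns(parse_log(before_text))
    a = autoruns(parse_log(after_text))
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": sorted(k for k in b if k in a and b[k] != a[k]),
    }

# Excerpt of the 6 August 2006 log from this thread (shortened for the example).
SCAN_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Drop Spam Toolbar - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - C:\Program Files\DropSpam\ewwie.dll (file missing)
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [win32086814839644] C:\WINDOWS\win32086814839644.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwinnpez.exe CORN003
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinnpez.exe
"""

# Excerpt of the 13 August 2006 log from this thread (shortened for the example).
SCAN_AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [win32074681483964] C:\WINDOWS\win32074681483964.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
"""

if __name__ == "__main__":
    result = diff_autoruns(SCAN_BEFORE, SCAN_AFTER)
    for kind in ("removed", "added", "changed"):
        for location, name in result[kind]:
            print(f"{kind:8} {location} [{name}]")
    for e in parse_log(SCAN_BEFORE):
        if e.file_missing:
            print("orphaned entry (target file missing):", e.code, e.body)
```

Entries reported as added between scans are the ones to review first, since they did not exist when the first log was taken.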

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 13 August 2006 - 02:30 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

#5 anesthesiaman

anesthesiaman
  • Topic Starter

  • Members
  • 7 posts

Posted 13 August 2006 - 09:22 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:18:18 AM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Grxp4exe.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\win32074681483964.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{58738034-086A-1033-0902-040406130001}\Update.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [win32074681483964] C:\WINDOWS\win32074681483964.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [Dancer] "C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124920855323
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:56:26 AM 8/13/2006

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
F:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Program Files\Common Files\efbjpper\cppneent\bnnnnejn.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\efbjpper\elhncnappp\jtnpnflbb.exe -> Adware.Gator : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1085031214-1935655697-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\en44l1hq1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fn2021fmg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\irn8l55u1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\k0lqla351d.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kjdinmal.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kt0ml7d11.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\m428lefu1h28.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mbgina.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mwconf.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\q668lgju16o8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qtsname.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[1656] C:\WINDOWS\system32\wxhatm.dll -> Adware.Look2Me : Error during cleaning.
[692] C:\WINDOWS\system32\wxhatm.dll -> Adware.Look2Me : Error during cleaning.
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\PSLister\PSLister.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\webHancer -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs\webhdll.dll_tobedeleted_tobedeleted -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\My Documents\Unzipped\ScanSoft PDF Converter for Microsoft Word v.1.0-sn B309D-833-3E2D-34EE-33\ScanSoft PDF Converter for Microsoft Word v.1.0\ScanSoft.PDF.Converter.for.Microsoft.Word.v1.0.CR.part1\CR\shkpc10.exe -> Downloader.Delf.amo : Cleaned with backup (quarantined).
F:\Documents and Settings\PARENTS\My Documents\Unzipped\ScanSoft PDF Converter for Microsoft Word v.1.0-sn B309D-833-3E2D-34EE-33\ScanSoft PDF Converter for Microsoft Word v.1.0\ScanSoft.PDF.Converter.for.Microsoft.Word.v1.0.CR.part1\CR\shkpc10.exe -> Downloader.Delf.amo : Cleaned with backup (quarantined).
C:\WINDOWS\ms0496446814832006.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
:mozilla.153:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.43:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\ALLYSON\Cookies\allyson@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\MORGAN\Cookies\morgan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.40:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.64:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.65:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.41:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.42:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.43:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.44:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.44:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.45:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.46:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.46:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.47:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.48:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\ALLYSON\Application Data\Mozilla\Firefox\Profiles\exkqrxlo.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.10:F:\Documents and Settings\ALLYSON\Application Data\Mozilla\Firefox\Profiles\exkqrxlo.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.15:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.62:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.67:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.49:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\MORGAN\Cookies\morgan@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
F:\Documents and Settings\MORGAN\Cookies\morgan@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.50:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.51:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\MORGAN\Cookies\morgan@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
F:\Documents and Settings\MORGAN\Cookies\morgan@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.21:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.22:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.23:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.24:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.25:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.39:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.40:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.41:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.42:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\MORGAN\Cookies\morgan@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
F:\Documents and Settings\MORGAN\Cookies\morgan@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Cookies\parents@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\bf2kzth0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\ALLYSON\Application Data\Mozilla\Firefox\Profiles\exkqrxlo.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.9:F:\Documents and Settings\ALLYSON\Application Data\Mozilla\Firefox\Profiles\exkqrxlo.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.59:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.66:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Cookies\parents@e-2dj6wfkyakc5kbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Cookies\parents@e-2dj6wjk4eoajkdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@e-2dj6wfl4wjazkgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\MORGAN\Cookies\morgan@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Cookies\parents@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.37:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.10:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.11:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.12:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.13:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.14:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.17:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.18:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.29:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.30:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.31:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.32:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.33:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.34:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.35:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.36:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.37:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.38:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\bf2kzth0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\bf2kzth0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\bf2kzth0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\bf2kzth0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\bf2kzth0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\bf2kzth0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\MORGAN\Cookies\morgan@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.53:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.68:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.69:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.70:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.71:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.72:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.73:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.74:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.75:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.76:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.77:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.78:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.79:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.47:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.48:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
C:\Documents and Settings\MORGAN\Cookies\morgan@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.33:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\MORGAN\Cookies\morgan@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\MORGAN\Cookies\morgan@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
:mozilla.58:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
:mozilla.59:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
C:\Documents and Settings\MORGAN\Cookies\morgan@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
F:\Documents and Settings\MORGAN\Cookies\morgan@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
:mozilla.50:F:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.60:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.61:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.66:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.67:F:\Documents and Settings\MORGAN\Application Data\Mozilla\Firefox\Profiles\36lz5yzu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\ALLYSON\Cookies\allyson@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\CONNOR.BASEMENT\Cookies\connor@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\MORGAN\Cookies\morgan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\MORGAN\Cookies\morgan@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Cookies\parents@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Local Settings\Temp\Cookies\parents@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\Documents and Settings\CONNOR.BASEMENT\Cookies\connor@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\Documents and Settings\MORGAN\Cookies\morgan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\PARENTS\Shared\Incredimail Xe Premium v3.5.0 build 1787 + Crack.zip/Incredimail Xe Premium v3.5.0 Build 1787/Incredimail Xe Premium Patch.exe -> Trojan.Agent.jh : Error during cleaning.
C:\unzipped\Incredimail Xe Premium v3.5.0 build 1787 + Crack\Incredimail Xe Premium v3.5.0 Build 1787\Incredimail Xe Premium Patch.exe -> Trojan.Agent.jh : Cleaned with backup (quarantined).
C:\WINDOWS\aac.exe -> Trojan.Imis

#6 -David-

Posted 13 August 2006 - 01:07 PM

I have reopened this thread and merged your new post here.
Please continue your replies in this thread.
Thanks

#7 miekiemoes

Posted 13 August 2006 - 01:22 PM

Hello,

Not sure if you performed my instructions though...
So please look at my previous post and perform the instructions I posted. No need to post the Ewido log anymore. What I need is the log from combofix and a new hijackthislog in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 anesthesiaman

Posted 13 August 2006 - 01:28 PM

Yes, I followed your instructions, and that is the new hijack log and combofix. I will redo hijack and combofix.

#9 miekiemoes

Posted 13 August 2006 - 01:39 PM

I don't see any combofix log posted though... maybe your post got cut off, so post it again :thumbsup:

#10 anesthesiaman

Posted 13 August 2006 - 03:30 PM

I'm still getting spyware popups. Here is my combofix log:
Start Time= Sun 08/13/2006 16:27:31.73
Running from: C:\Documents and Settings\PARENTS\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-13 02:30:24 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-08-12 15:37:10 821 ( A.... ) "C:\WINDOWS\system32\nt68rrtc12.sys"
2006-08-12 15:37:10 821 ( A.... ) "C:\WINDOWS\system32\nt68rrtc12.sys"
2006-08-12 15:32:58 234143 ( ..S.R ) "C:\WINDOWS\system32\kt80l7lm1.dll"
2006-08-12 12:19:18 106496 ( A.... ) "C:\WINDOWS\Duce6.exe"
2006-08-12 12:18:18 155648 ( A.... ) "C:\WINDOWS\win32074681483964.exe"
2006-08-06 09:16:50 ( .D... ) "C:\Program Files\HijackThis"
2006-08-05 02:30:40 ( .D... ) "C:\Program Files\Trend Micro"
2006-08-04 00:16:16 1167 ( A.... ) "C:\WINDOWS\system32\gtu88878.sys"
2006-08-04 00:16:16 1167 ( A.... ) "C:\WINDOWS\system32\gtu88878.sys"
2006-08-03 16:16:34 0 ( A.... ) "C:\Documents and Settings\PARENTS\Application Data\internaldb41.dat"
2006-08-03 16:16:18 ( .D... ) "C:\Program Files\PSLister"
2006-08-03 16:16:12 61952 ( A.... ) "C:\WINDOWS\system32\gtu88878.dll"
2006-08-03 16:16:10 184829 ( A.... ) "C:\WINDOWS\srvzzmxcso.exe"
2006-08-03 16:16:08 235134 ( A.... ) "C:\WINDOWS\srvtfpnzqd.exe"
2006-08-03 16:15:54 ( .D... ) "C:\Program Files\System Icons"
2006-08-03 16:15:12 ( .D... ) "C:\Program Files\Common Files\qquz"
2006-08-03 16:13:30 ( .D... ) "C:\Program Files\Common Files\{58738034-086A-1033-0902-040406130001}"
2006-07-30 00:06:54 1783 ( A.... ) "C:\Documents and Settings\PARENTS\Application Data\AdobeDLM.log"
2006-07-30 00:06:54 0 ( A.... ) "C:\Documents and Settings\PARENTS\Application Data\dm.ini"
2006-07-27 09:24:46 679424 ( A.... ) "C:\WINDOWS\system32\inetcomm.dll"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
2006-07-21 04:24:44 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll"
2006-07-15 12:36:58 ( .D... ) "C:\Program Files\FAST Defrag"
2006-07-14 11:31:40 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-13 09:33:28 8453632 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-07-12 19:16:28 ( .D... ) "C:\Documents and Settings\PARENTS\Application Data\Yahoo!"
2006-07-05 06:55:02 984064 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2006-06-26 21:36:26 ( .D... ) "C:\Program Files\Microsoft Money 2005"
2006-06-26 20:40:22 ( .D... ) "C:\Program Files\Common Files\Palo Alto Software"
2006-06-26 20:40:18 ( .D... ) "C:\Program Files\Common Files\Intuit"
2006-06-26 20:40:08 ( .D... ) "C:\Program Files\Quicken"
2006-06-26 13:37:10 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-06-26 13:37:10 8192 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-18 17:59:04 ( .D... ) "C:\Program Files\iPod"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-12 15:37 821 C:\WINDOWS\system32\nt68rrtc12.sys
2006-08-12 15:35 234,143 C:\WINDOWS\system32\kt80l7lm1.dll
2006-08-12 12:19 106,496 C:\WINDOWS\Duce6.exe
2006-08-12 12:18 155,648 C:\WINDOWS\win32074681483964.exe
2006-08-03 16:16 61,952 C:\WINDOWS\system32\gtu88878.dll
2006-08-03 16:16 235,134 C:\WINDOWS\srvtfpnzqd.exe
2006-08-03 16:16 184,829 C:\WINDOWS\srvzzmxcso.exe
2006-08-03 16:16 1,167 C:\WINDOWS\system32\gtu88878.sys
2006-08-03 16:15 127,578 C:\WINDOWS\system32\tsuninst.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Gravis Xperience Driver Support"="Grxp4exe.exe /init"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"EPSON Stylus CX6600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EA.EXE /P26 \"EPSON Stylus CX6600 Series\" /O6 \"USB001\" /M \"Stylus CX6600\""
"ISLP2STA.EXE"="ISLP2STA.EXE START"
"MW1HelperStartUp"="C:\\PROGRA~1\\MAGICW~1\\MW1HEL~1.EXE /partner MW1"
"dvd43"="C:\\Program Files\\dvd43\\dvd43_tray.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"win32074681483964"="C:\\WINDOWS\\win32074681483964.exe"
"TheMonitor"="C:\\WINDOWS\\Duce6.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"MtdAcq"="C:\\Program Files\\Creative\\Shared Files\\Media Sniffer\\MtdAcq.exe /s"
"Dancer"="\"C:\\Program Files\\Microsoft Plus! Digital Media Edition\\Dancer\\Dancer.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"p2pnetwork"="p2pnetwork.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{58738034-086A-1033-0902-040406130001}"="\"C:\\Program Files\\Common Files\\{58738034-086A-1033-0902-040406130001}\\Update.exe\" mc-110-12-0000140"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Internet Explorer\\pojohaz.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\MSN Gaming Zone\\megefuwyw.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder

Completion time: Sun 08/13/2006 16:27:57.61
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-13.143024.txt
ComboFix.2006-08-13.162731.txt

#11 miekiemoes

Posted 13 August 2006 - 03:37 PM

And a new hijackthislog please?

#12 miekiemoes

Posted 13 August 2006 - 03:51 PM

Anyway, leave the hijackthislog for now.

It's better to save the next instructions in Notepad or print them out, because you also have to work in safe mode with networking support and this page won't be available.
I also want you to perform the next instructions in exactly the same order as I describe, without missing any step!

* Reboot into Safe Mode: (without networking support!)
To get into the Windows XP Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders afterwards again, when we are done with this thread and your problems are solved, because above instructions to set your system to show all files, unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Delete next folders and files:

C:\Documents and Settings\PARENTS\Application Data\internaldb41.dat
C:\Program Files\PSLister <== folder
C:\Program Files\System Icon <== folder
C:\Program Files\Common Files\qquz <== folder
C:\Program Files\Common Files\{58738034-086A-1033-0902-040406130001} <== folder
C:\WINDOWS\system32\nt68rrtc12.sys
C:\WINDOWS\system32\kt80l7lm1.dll
C:\WINDOWS\Duce6.exe
C:\WINDOWS\win32074681483964.exe
C:\WINDOWS\system32\gtu88878.dll
C:\WINDOWS\srvtfpnzqd.exe
C:\WINDOWS\srvzzmxcso.exe
C:\WINDOWS\system32\gtu88878.sys
C:\WINDOWS\system32\tsuninst.exe
C:\Program Files\Internet Explorer\pojohaz.html
C:\Program Files\MSN Gaming Zone\megefuwyw.html

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")
Hit ok below > apply in previous window.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Reboot back to normal mode.

Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"p2pnetwork"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Dancer"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UserFaultCheck"=-
"win32074681483964"=-
"TheMonitor"=-

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

* Perform an onlinescan with panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a new hijackthislog.
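
A cross-check a reader can make between the ComboFix log in post #10 and the delete list and fix.reg in post #12, as an added example (not part of the original posts, and not ComboFix's or the helper's own method): it lists autostart values whose executable also appears under "Files Created - Last 30days". The log excerpts are copied from post #10; the function names are hypothetical.

```python
import re

# Excerpt of "Files Created - Last 30days" from the ComboFix log in post #10.
FILES_CREATED = r'''
2006-08-12 15:37 821 C:\WINDOWS\system32\nt68rrtc12.sys
2006-08-12 15:35 234,143 C:\WINDOWS\system32\kt80l7lm1.dll
2006-08-12 12:19 106,496 C:\WINDOWS\Duce6.exe
2006-08-12 12:18 155,648 C:\WINDOWS\win32074681483964.exe
2006-08-03 16:16 61,952 C:\WINDOWS\system32\gtu88878.dll
'''

# Excerpt of "Reg Loading Points" from the same log (regedit export syntax).
REG_LOADING_POINTS = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
"win32074681483964"="C:\\WINDOWS\\win32074681483964.exe"
"TheMonitor"="C:\\WINDOWS\\Duce6.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"p2pnetwork"="p2pnetwork.exe"
'''

CREATED_LINE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) [\d,]+ (\S.*)$')
SECTION_LINE = re.compile(r'^\[(.+)\]$')
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
RUN_KEY_SUFFIXES = ("\\run", "\\runonce", "\\runservices")


def parse_created_files(text):
    """Map lower-cased path -> creation timestamp for each listed file."""
    created = {}
    for line in text.splitlines():
        m = CREATED_LINE.match(line.strip())
        if m:
            created[m.group(2).strip().lower()] = m.group(1)
    return created


def unescape(value):
    """Undo regedit escaping: \\\\ becomes one backslash, \\" becomes a quote."""
    return re.sub(r'\\(.)', r'\1', value)


def parse_run_values(text):
    """Yield (key, value name, command) for string values under Run-style keys."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION_LINE.match(line)
        if section:
            key = section.group(1)
            continue
        value = STRING_VALUE.match(line)
        # Skip subkeys such as run\OptionalComponents and non-string data (hex:).
        if value and key and key.lower().endswith(RUN_KEY_SUFFIXES):
            yield key, unescape(value.group(1)), unescape(value.group(2))


def extract_executable(command):
    """Return the program part of an autostart command line."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=[\s,]|$)', command, re.I)
    return m.group(1) if m else command.split()[0]


def find_recent_autoruns(reg_text, created_text):
    """List autostart values whose executable was created in the last 30 days."""
    created = parse_created_files(created_text)
    hits = []
    for key, name, command in parse_run_values(reg_text):
        exe = extract_executable(command)
        stamp = created.get(exe.lower())
        if stamp:
            hits.append((key, name, exe, stamp))
    return hits


if __name__ == "__main__":
    for key, name, exe, stamp in find_recent_autoruns(REG_LOADING_POINTS, FILES_CREATED):
        print(f"{stamp}  {name!r} -> {exe}\n    under {key}")
```

A value that names only a bare file, such as "p2pnetwork.exe", cannot be matched by path and still needs a manual look.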

#13 anesthesiaman

Posted 14 August 2006 - 08:20 PM

I attempted to use the fix.reg file I put together in notebook, but the computer wouldn't let me merge it into the registry because it said it could only do it in binary form.

Panda report:


Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\ALLYSON\Cookies\allyson@atwola[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\CONNOR.BASEMENT\Application Data\Mozilla\Firefox\Profiles\9cyhavzp.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\CONNOR.BASEMENT\Cookies\connor@atwola[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\LocalService\Cookies\system@adultfriendfinder[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\MORGAN\Cookies\morgan@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\MORGAN\Cookies\morgan@belnk[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\MORGAN\Cookies\morgan@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\MORGAN\Cookies\morgan@cgi-bin[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\MORGAN\Cookies\morgan@ct.360i[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\MORGAN\Cookies\morgan@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\MORGAN\Cookies\morgan@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\MORGAN\Cookies\morgan@i.screensavers[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\MORGAN\Cookies\morgan@searchportal.information[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\MORGAN\Cookies\morgan@target[1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\MORGAN\Cookies\morgan@www.affiliatefuel[2].txt
Hijack this report:

Logfile of HijackThis v1.99.1
Scan saved at 9:09:03 PM, on 8/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\Grxp4exe.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [win32074681483964] C:\WINDOWS\win32074681483964.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [Dancer] "C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124920855323
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

#14 miekiemoes


Posted 15 August 2006 - 01:58 AM

I attempted to use the fix.reg file I put together in notebook but the computer wouldn't let me merge it in the registry because it said it could only do it in binary form.


That's because you didn't use notepad to create the fix.reg, or you forgot to add REGEDIT4 on top. Just read through my instructions again how to create a regfix properly.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [win32074681483964] C:\WINDOWS\win32074681483964.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Post a new HijackThis log in your next reply and let me know how things are running now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
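
The follow-up check implied by the post above (fix the listed entries, then post a new log), as an added example that is not part of the thread or of HijackThis itself. It matches O4 entries by registry key and value name and O16 entries by CLSID, so a surviving entry is found even when case or spacing differs; `NEW_LOG` is a constructed log and the function names are assumptions.

```python
import re

# Entries the helper asked to have checked, copied from the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [win32074681483964] C:\WINDOWS\win32074681483964.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
"""

# Constructed follow-up log (not from the thread) in which two entries survived.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TheMonitor]   c:\windows\duce6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")        # "O4 - <body>"
O4_RUN = re.compile(r"^(.*?): \[(.*?)\]")     # "<key>: [<value name>] <command>"
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")   # "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"

def identity(line):
    """Return a stable key for one HijackThis entry, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    run = O4_RUN.match(body) if section == "O4" else None
    if run:  # registry autostart: identified by key path + value name
        return (section, run.group(1).lower(), run.group(2).lower())
    guid = CLSID.search(body) if section == "O16" else None
    if guid:  # downloaded ActiveX control: identified by its CLSID
        return (section, guid.group(0).lower())
    return (section, " ".join(body.lower().split()))  # fallback: normalised body

def still_present(fix_list, new_log):
    """Return the lines of new_log that match an entry in fix_list."""
    wanted = {identity(l) for l in fix_list.splitlines()} - {None}
    return [l.strip() for l in new_log.splitlines() if identity(l) in wanted]
```

An empty result from `still_present(FIX_LIST, NEW_LOG)` means none of the checked entries came back; any returned line is an entry that survived the fix or was re-created.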

#15 miekiemoes


Posted 21 August 2006 - 01:22 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



