Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Do Not No The Name Of The Thing


  • This topic is locked This topic is locked
31 replies to this topic

#1 livindead

livindead

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 22 March 2007 - 02:11 PM

its somethign to do with my incomplete download file for limewire pro found in grahams documents then grahams music. if i move my curser over the file i get the messege 'widows explorer has encounted a proplem and must close' ive clicked both send and dont send and the same thing happens it just closes. so i cant get in to it to delete anyhting and i cant delete the file its self (i also cant access it through limewire its self as limewire just closes) running a virus scan or sum programs tht try to access the file brings up the messege ''what ever program' has encounted an error and must close' and agen the program closes. most of the check i had to run before i could send this post didnt finish because of that exact reason i really dont no wot to do.

Logfile of HijackThis v1.99.1
Scan saved at 19:00:42, on 22/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC6E731-ED9C-4FD9-938F-F1BEBB275630}: NameServer = 85.255.116.138,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D0D3BEF-CEC9-40E9-87A1-BE2225D3DFCE}: NameServer = 85.255.116.138,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{B05DF7CF-DD73-4ABE-8EB3-13C58D8994CF}: NameServer = 85.255.116.138,85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

BC AdBot (Login to Remove)

 


m

#2 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:27 PM

Posted 27 March 2007 - 11:51 AM

Hello livindead, and welcome to BleepingComputer. I will be handling your log to help you get cleaned up.

Please take note of the following:
1. I will start working on your malware issues, this may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.
4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,

htv8
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#3 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:27 PM

Posted 27 March 2007 - 03:28 PM

OK, livindead. Let's get started.

its somethign to do with my incomplete download file for limewire pro found in grahams documents then grahams music

What file? What is the exact file name and path to the file? I need more information about this. :thumbsup:

Please print out or copy this page to Notepad. This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. A print out of the instructions would be a good reference to make sure you don't get lost. You may also like to save these instructions in Word/Notepad to the Desktop where they can be easily found for the same reasons as above.
Also make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


You most likely got infected through file sharing. You say that you have LimeWire Pro installed on your computer: a P2P/File Sharing (related) program. Aside from the obvious legal issues, file sharing is one of the primary ways through which people become infected with malware. Anytime you are running any type of P2P application, you are more prone to infection.
I suggest to remove this program. If you agree, go to Start > Control Panel > Add/Remove Programs and remove LimeWire Pro.
If you do not want to uninstall the program, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

Step #1: HijackThis fix
Scan again with HijackThis. Put a checkmark by these entries if they are present, double-checking to be sure that only these entries are checked:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC6E731-ED9C-4FD9-938F-F1BEBB275630}: NameServer = 85.255.116.138,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D0D3BEF-CEC9-40E9-87A1-BE2225D3DFCE}: NameServer = 85.255.116.138,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{B05DF7CF-DD73-4ABE-8EB3-13C58D8994CF}: NameServer = 85.255.116.138,85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19


Close all other windows - you should only see HijackThis on your Desktop - and then click the button labelled "Fix checked".

Step #2
Go to Start > Control Panel > Network and Internet Connections > Network Connections.
Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using dial-up, and left-click on the Properties option. Double-click on the Internet Protocol (TCP/IP) item and select the radio button labelled "Obtain DNS servers automatically". Click the OK button twice, and restart your computer.

Step #3
Go to Start > Run. In the Run: field type cmd and press the OK button. This will open a Command Prompt.
Type or copy/paste the entire contents inside the QUOTE box below into the command window:

ipconfig /flushdns

Hit Enter and exit the Command Prompt.

Step #4: Fixwareout
Download Fixwareout to your Desktop by clicking the download link below.
Download Fixwareout

Once it is downloaded, launch the Fixwareout Setup Wizard by double-clicking the Fixwareout.exe file. Click Next, then Install. Make sure the option labelled "Run fixit" is checked and click the Finish button.
The fix will begin. If your firewall gives an alert because this tool will download an additional file from the Internet, please do not let your firewall block it, but allow it instead. Follow the on-screen prompts and when you will be asked to reboot your computer, please do so.
NOTE: Your system may take longer than usual to reboot. This is normal.

Once the Desktop loads, a text file called report.txt will open up that is located in C:\Fixwareout. Please post the entire contents of that text file as a reply to this post

Step #5: uninstall list
Please provide me an uninstall list by performing these instructions:
1. Open HijackThis.
2. Click once on the Config... button.
3. Go to the Misc Tools section by clicking on the Misc Tools button on top of the screen.
4. Click on the button labelled "Open Uninstall Manager...". You'll see a list of currently installed programs.
5. Click on the button labelled "Save list..." and specify where you would like to save the uninstall list.

When you press the Save button, Notepad will open up with the contents of that file. Copy and paste the contents of that Notepad file as a reply to this topic.

Step #6: HijackThis scan
Scan with HijackThis again and post a new HijackThis log.

Do not forget to include the Fixwareout report and the uninstall list in your next reply.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#4 livindead

livindead
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 28 March 2007 - 02:14 PM

thx m8 and i really hope u can help me heres the three logs u asked me for :D

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdqoa.ren 63897 04/08/2004



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


Adobe Flash Player 9 ActiveX
Adobe Photoshop CS2
Adobe Reader 7.0.9
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BitLord 1.1
BitTorrent 5.0.5
broadband medic
BroadJump Client Foundation
CC_ccProxyExt
ccCommon
CCleaner (remove only)
ccPxyCore
Connection Keep Alive
Crashday
Disc2Phone
EPSON Easy Photo Print
EPSON Printer Software
EPSON Scan
Eraser 5.82
EvilLyrics
FunTalk
Gamepad Pro USB
GTA San Andreas
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Internet Worm Protection
IsoBuster 2.0
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
Java™ SE Development Kit 6
Java™ SE Runtime Environment 6
Lexmark P910 Series
Lexmark X1100 Series
Lexmark Z600 Series
LiveUpdate 3.0 (Symantec Corporation)
Logitech® Camera Driver
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Magic Online
Magic Workstation 0.94f
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Minilyrics(remove only)
Morpheus 5.4 (remove only)
Morpheus Ultra 4.5 (remove only)
Mozilla Firefox (2.0.0.3)
MSRedist
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
MSXML 6.0 SDK
NAVShortcut
Norton AntiSpam
Norton AntiVirus 2006
Norton AntiVirus Parent MSI
Norton Cleanup
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall
Norton Personal Firewall 2006 (Symantec Corporation)
Norton Protection Center
Norton SystemWorks
Norton SystemWorks 2006 Premier
Norton SystemWorks 2006 Premier (Symantec Corporation)
Norton Utilities
Norton WMI Update
Norton WMI Update
NSW_DRM_COLLECTION
NVIDIA Drivers
NVIDIA Photoshop Plug-ins
Pcsx2 0.9.2 Watermoose
PKR
Power2Go 4.0
PowerDVD
PowerStarter
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Smart Link 56K Voice Modem
Sony Ericsson PC Suite 1.20.224
SPBBC
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Professional
Symantec KB-DocID:2003093015493306
Symantec Technical Support Web Controls
TeamSpeak 2 RC2
The Sims 2
The Sims 2 Open For Business
TrackMania Nations ESWC - Update 2
Unreal Tournament G.O.T.Y. Edition
Update for Outlook 2007 Junk Email Filter (KB931766)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.6a
Wildlife Park Gold
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
Xfire (remove only)
Yahoo! Toolbar


Logfile of HijackThis v1.99.1
Scan saved at 20:11:41, on 28/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

i can also get into my incomplete download file now cheers but i cant delete anything from it ;D
cheers LD

Edited by livindead, 28 March 2007 - 02:31 PM.


#5 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:27 PM

Posted 30 March 2007 - 05:54 PM

Hello, livindead. Sorry for the delay in getting back to you.

Please print out or copy this page to Notepad. This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. A print out of the instructions would be a good reference to make sure you don't get lost. You may also like to save these instructions in Word/Notepad to the Desktop where they can be easily found for the same reasons as above.
Also make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


Step #1: ATF Cleaner download
Please download ATF Cleaner from the link below, but do not use the program yet.
Download ATF Cleaner

Step #2: uninstallation of older Java versions
Go to Start > Control Panel > Add/Remove Programs and uninstall the following programs (if they are listed):
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3


These are older versions of the Sun Java Console. You already have the latest version which is Java Runtime Environment (JRE) 6 at the moment. Older versions have vulnerabilities that malware can and are using to infect systems.

Step #3: optional removals
You most likely got infected through file sharing. The following P2P/File Sharing (related) programs are installed on your machine:
BitLord 1.1
BitTorrent 5.0.5
Morpheus 5.4 (remove only)
Morpheus Ultra 4.5 (remove only)


Aside from the obvious legal issues, file sharing is one of the primary ways through which people become infected with malware. Anytime you are running any type of P2P application, you are more prone to infection.
I strongly suggest to remove these programs. If you agree, go to Start > Control Panel > Add/Remove Programs and remove them.
If you do not want to uninstall the P2P/File Sharing (related) programs, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

I also see PKR installed. If you installed this program yourself, and use it to play poker online, please leave this program alone. However, if you do not use it, I recommend removing the program because in most cases, these programs are supported by malware, getting installed without asking for it. They also lead you to sites where malware is lurking.
I stronly recommend you to get rid of it. If you agree, go to Start > Control Panel > Add/Remove Programs and remove PKR if present.

Step #4: AVG Anti-Spyware scan
Please download AVG Anti-Spyware 7.5 from the link below and save it to your Desktop.
Download AVG Anti-Spyware 7.5

Once downloaded, locate the icon on your Desktop and double-click on it to launch the setup program. Follow the on-screen instructions to install AVG Anti-Spyware.

Before running AVG Anti-Spyware, it is mandatory that you update its definition files. Follow these instructions to update and configure the program:
1. Start AVG Anti-Spyware.
2. Click the Update icon at the top of the screen. On the newly presented screen, click the button labelled "Start Update". The update process will start.
3. Once the update has completed, select the Scanner icon at the top of the screen, followed by clicking the Settings tab.
4. In the newly presented screen, click on the link named "Recommended actions" and then select the Quarantine option.
5. Under Reports, select the radio button labelled "Automatically generate report after every scan". Unselect the checkbox labelled "Only if threats were found".
6. Close AVG Anti-Spyware 7.5.

Now reboot your computer into Safe Mode. Restart your computer and gently tap the F8 key repeatedly on your keyboard while starting up until you are presented with a new menu in which you can select the option for Safe Mode using the arrow keys on your keyboard.
For more information on how to boot your computer into Safe Mode, see this reference: How to start Windows into Safe Mode.

When in Safe Mode, please follow these instructions to run AVG Anti-Spyware:
1. Close all windows so that you have nothing open and lauch AVG Anti-Spyware by double-clicking the icon on your Desktop.
2. Click the Scanner icon at the top of the screen and select the Scan tab.
3. Click on the "Complete System Scan" icon and AVG Anti-Spyware will begin the scanning process. Be patient as this may take some time.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess.
4. When the scan has finished, AVG Anti-Spyware will list any infections found on the left-hand side. It should automatically set the recommended action to Quarantine.
5. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right-hand side.
6. Click on the button labelled "Save Report", followed by pressing the "Save Report As" button. This will create a text file. Make sure you know where to find this file again.
7. Close AVG Anti-Spyware. Do NOT reboot!

Step #5: ATF Cleaner cleanup
You downloaded ATF Cleaner before. When still in Safe Mode, please follow these instructions to run ATF Cleaner:
1. Double-click ATF-Cleaner.exe to run the program.
2. Click once on the Main tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
3. Then click on the button labelled "Empty Selected".

If you use the Mozilla Firefox browser, please follow these instructions as well:
1. Click once on the Firefox tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
2. Then click on the button labelled "Empty Selected". NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, please follow these instructions as well:
1. Click once on the Opera tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
2. Then click on the button labelled "Empty Selected". NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Now click the Exit button on the Main tab to exit the program.

Reboot your computer to boot back into normal mode and post the entire contents of the saved AVG Anti-Spyware text file in your next reply.

Step #6: Panda's ActiveScan
Please perform an online scan by running Panda's ActiveScan (click).
Follow these instructions:
1. Click on the Scan your PC button once you are on the Panda site. A new window will open.
2. On the newly presented screen, click the Check Now button.
3. Enter your Country.
4. Enter your State/Province.
5. Enter your E-mail Address and click the Send button.
6. Select either Home User or Company.
7. Click the big Scan Now button. If it prompts to install an ActiveX component, allow it.
Panda Software will start downloading the files it requires for the scan. NOTE: This may take a couple of minutes!
8. When the download is complete, click on My Computer to start the scan.
9. When the scan completes - if anything malicious is detected - click the See Report button.
10. Click Save Report and save it to a convenient location easy to remember.
11. Post the entire contents of Panda's ActiveScan report here as a reply to this post.

Step #7: HijackThis scan
Scan with HijackThis again and post a new HijackThis log. Do not forget to include the other requested logs in your next reply as well: the AVG Anti-Spyware and Panda's ActiveScan report.
NOTE: As the Panda ActiveScan and AVG Anti-Spyware log files may be rather large, use several posts if necessary to include everything in the requested logs.

Also let me know how your computer is running.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#6 livindead

livindead
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 01 April 2007 - 08:38 AM

hiya m8 chhers for replyin hears the theree logs u wanted

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:03:26 31/03/2007

+ Scan result:



C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP83\A0022866.DLL -> Adware.IWon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP83\A0022876.EXE -> Adware.MyWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP83\A0022854.DLL -> Downloader.IstBar : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\livindead\Application Data\Mozilla\Firefox\Profiles\6je00485.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00034368.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00034371.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00034374.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00034475.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00034487.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT\00034504.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.11:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.11:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.44:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.71:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Esomniture : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\00034315.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00034315.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034315.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034315.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.26:C:\RECYCLER\NPROTECT\00034315.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.27:C:\RECYCLER\NPROTECT\00034315.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.33:C:\RECYCLER\NPROTECT\00034345.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00034345.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00034347.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.35:C:\RECYCLER\NPROTECT\00034345.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.35:C:\RECYCLER\NPROTECT\00034347.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00034345.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00034347.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00034349.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00034351.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00034355.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00034357.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00034360.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00034362.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00034364.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00034345.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00034347.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00034349.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00034351.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00034355.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00034357.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00034360.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00034362.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00034364.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034345.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034347.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034349.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034351.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034355.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034357.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034360.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034362.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034364.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034347.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034349.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034351.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034355.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034357.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034360.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034362.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034364.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034349.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034351.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034355.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034357.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034360.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034362.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034364.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034368.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034349.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034351.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034355.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034357.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034360.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034362.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034364.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034368.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034371.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034374.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034475.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034487.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.42:C:\Documents and Settings\livindead\Application Data\Mozilla\Firefox\Profiles\6je00485.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034368.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034371.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034374.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034475.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034487.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034504.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.43:C:\Documents and Settings\livindead\Application Data\Mozilla\Firefox\Profiles\6je00485.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00034368.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00034371.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00034374.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00034475.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00034487.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00034504.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\Documents and Settings\livindead\Application Data\Mozilla\Firefox\Profiles\6je00485.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034368.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034371.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034374.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034475.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034487.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00034504.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.45:C:\Documents and Settings\livindead\Application Data\Mozilla\Firefox\Profiles\6je00485.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034368.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034371.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034374.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034475.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034487.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034504.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.46:C:\Documents and Settings\livindead\Application Data\Mozilla\Firefox\Profiles\6je00485.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034371.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034374.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034475.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034487.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034504.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.47:C:\Documents and Settings\livindead\Application Data\Mozilla\Firefox\Profiles\6je00485.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.47:C:\RECYCLER\NPROTECT\00034504.MOZ -> TrackingCookie.Euroclick : Cleaned.
:mozilla.28:C:\RECYCLER\NPROTECT\00034315.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034345.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034347.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034349.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034351.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034355.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034357.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034360.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034362.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00034364.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034368.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.47:C:\RECYCLER\NPROTECT\00034371.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.47:C:\RECYCLER\NPROTECT\00034374.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.47:C:\RECYCLER\NPROTECT\00034475.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.47:C:\RECYCLER\NPROTECT\00034487.MOZ -> TrackingCookie.Fastclick : Cleaned.
:mozilla.48:C:\Documents and Settings\livindead\Application Data\Mozilla\Firefox\Profiles\6je00485.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.48:C:\RECYCLER\NPROTECT\00034504.MOZ -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\livindead\Cookies\livindead@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.45:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.24:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Sitestat : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Sitestat : Cleaned.
C:\Documents and Settings\livindead\Cookies\livindead@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.38:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.50:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\voqyl1lm.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034248.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034250.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034252.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034254.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034256.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034257.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034259.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034262.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034264.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034266.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034268.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034270.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034272.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034274.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034276.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034278.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034280.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034282.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034284.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034285.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034287.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034289.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034292.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034294.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034296.MOZ -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00034298.MOZ -> TrackingCookie.Zedo : Cleaned.


::Report end

Edited by livindead, 01 April 2007 - 08:40 AM.


#7 livindead

livindead
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 01 April 2007 - 08:42 AM

Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\livindead\Cookies\livindead@doubleclick[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\nircmd.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Uninstall Fun Web Products.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Uninstall Morpheus Toolbar.dll
Spyware:Cookie/Mysearch Not disinfected C:\RECYCLER\NPROTECT\00034315.MOZ[.mysearch.com/]
Spyware:Cookie/Mysearch Not disinfected C:\RECYCLER\NPROTECT\00034345.MOZ[.mysearch.com/]
Spyware:Cookie/Mysearch Not disinfected C:\RECYCLER\NPROTECT\00034347.MOZ[.mysearch.com/]
Spyware:Cookie/Mysearch Not disinfected C:\RECYCLER\NPROTECT\00034349.MOZ[.mysearch.com/]
Spyware:Cookie/Mysearch Not disinfected C:\RECYCLER\NPROTECT\00034351.MOZ[.mysearch.com/]
Spyware:Cookie/Mysearch Not disinfected C:\RECYCLER\NPROTECT\00034355.MOZ[.mysearch.com/]
Spyware:Cookie/Mysearch Not disinfected C:\RECYCLER\NPROTECT\00034357.MOZ[.mysearch.com/]
Spyware:Cookie/Mysearch Not disinfected C:\RECYCLER\NPROTECT\00034360.MOZ[.mysearch.com/]
Spyware:Cookie/Mysearch Not disinfected C:\RECYCLER\NPROTECT\00034362.MOZ[.mysearch.com/]
Spyware:Cookie/Mysearch Not disinfected C:\RECYCLER\NPROTECT\00034364.MOZ[.mysearch.com/]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\NPROTECT\00035869.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\NPROTECT\00035876.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\NPROTECT\00035877.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\NPROTECT\00035878.DLL


Logfile of HijackThis v1.99.1
Scan saved at 14:32:54, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

cheers m8 my comps runnin fine bit slow at times but its fine cheers agen LD.

#8 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:27 PM

Posted 02 April 2007 - 12:12 PM

OK. Good job so far! We are almost done.

Please print out or copy this page to Notepad.
Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.


Step #1: generating a fresh uninstall list
Please provide me a fresh uninstall list by performing these instructions:
1. Open HijackThis.
2. Click once on the Config... button.
3. Go to the Misc Tools section by clicking on the Misc Tools button on top of the screen.
4. Click on the button labelled "Open Uninstall Manager...". You'll see a list of currently installed programs.
5. Click on the button labelled "Save list..." and specify where you would like to save the uninstall list.

When you press the Save button, Notepad will open up with the contents of that file. Copy and paste the contents of that Notepad file as a reply to this topic.

Step #2: HijackThis scan
Scan with HijackThis again and post a new HijackThis log.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#9 livindead

livindead
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 02 April 2007 - 12:58 PM

hi m8 thanks for all this i have bin able to delete tht file no :D although my comp does seem to berunnin abit slow and the internet is abit slow at times to any way less about tht heres the list:

Adobe Flash Player 9 ActiveX
Adobe Photoshop CS2
Adobe Reader 7.0.9
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
BitLord 1.1
broadband medic
BroadJump Client Foundation
CC_ccProxyExt
ccCommon
CCleaner (remove only)
ccPxyCore
Connection Keep Alive
Crashday
Disc2Phone
EPSON Easy Photo Print
EPSON Printer Software
EPSON Scan
Eraser 5.82
EvilLyrics
FunTalk
Gamepad Pro USB
GTA San Andreas
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Internet Worm Protection
IsoBuster 2.0
iTunes
Java™ SE Development Kit 6
Java™ SE Runtime Environment 6
Lexmark P910 Series
Lexmark X1100 Series
Lexmark Z600 Series
LiveUpdate 3.0 (Symantec Corporation)
Logitech® Camera Driver
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Magic Online
Magic Workstation 0.94f
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Minilyrics(remove only)
Morpheus 5.3 (remove only)
Morpheus Toolbar
Mozilla Firefox (2.0.0.3)
MSRedist
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
MSXML 6.0 SDK
NAVShortcut
Norton AntiSpam
Norton AntiVirus 2006
Norton AntiVirus Parent MSI
Norton Cleanup
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall
Norton Personal Firewall 2006 (Symantec Corporation)
Norton Protection Center
Norton SystemWorks
Norton SystemWorks 2006 Premier
Norton SystemWorks 2006 Premier (Symantec Corporation)
Norton Utilities
Norton WMI Update
Norton WMI Update
NSW_DRM_COLLECTION
NVIDIA Drivers
NVIDIA Photoshop Plug-ins
Panda ActiveScan
Pcsx2 0.9.2 Watermoose
PKR
Power2Go 4.0
PowerDVD
PowerStarter
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Smart Link 56K Voice Modem
Sony Ericsson PC Suite 1.20.224
SPBBC
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Professional
Symantec KB-DocID:2003093015493306
Symantec Technical Support Web Controls
TeamSpeak 2 RC2
The Sims 2
The Sims 2 Open For Business
TrackMania Nations ESWC - Update 2
Unreal Tournament G.O.T.Y. Edition
Update for Outlook 2007 Junk Email Filter (KB931766)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.6a
Wildlife Park Gold
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
Xfire (remove only)
Yahoo! Toolbar

#10 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:27 PM

Posted 03 April 2007 - 09:26 AM

Please print out or copy this page to Notepad. This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. A print out of the instructions would be a good reference to make sure you don't get lost. You may also like to save these instructions in Word/Notepad to the Desktop where they can be easily found for the same reasons as above.
Also make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


Step #1: ATF Cleaner download
If not already downloaded, please download ATF Cleaner by clicking the download link below, but do not use the program yet.
Download ATF Cleaner

Step #2: cleaning up potentially unwanted applications (PUAs)
In comparison to the previous uninstall log you posted, I see that you have installed the optional peer-to-peer Morpheus Toolbar (maybe without your own conscience), a potentially unwanted application (PUA).
Morpheus Toolbar is an Internet Explorer and Firefox web browser add-on/plug-in web search toolbar that enables end users to conduct web searches. This PUA is considered as Adware. For more information, see this reference: Morpheus Toolbar - Potentially unwanted application.
That being said, I would strongly recommend uninstalling the Morpheus Toolbar, but it's up to you if you uninstall the searchbar or not. If you agree, go to Start > Control Panel > Add/Remove Programs and uninstall Morpheus Toolbar if present.

You downgraded from the current version of Morpheus (version 5.4) to the previous version (version 5.3). Although this product version does not claim to install adware or spyware to your computer, it does install some Desktop shortcuts to adware websites. When Morpheus is open, the interface is cluttered with online advertisements (ads), because adware is still present in current versions. To remove the Desktop shortcuts, right-click and delete the items. Upon installation, adware is installed against your will, which is difficult to uninstall. A lot of Morpheus users recommend that you do not install Morpheus due to adware/spyware presence.
Although I told you my opinion about the program once before, I still recommend uninstalling Morpheus. However, the choice is up to you. If you agree, go to Start > Control Panel > Add/Remove Programs and uninstall Morpheus 5.3 (remove only) if present.

Aside from the obvious legal issues, file sharing is one of the primary ways through which people become infected with malware. As BitLord 1.1 is a P2P/File Sharing (related) program as well, I still recommend getting rid of this one too by uninstalling it from Add/Remove Programs.

If you do not want to uninstall the programs listed above, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

Step #3: HijackThis fix
Scan again with HijackThis. Put a checkmark by this entry if it is present, double-checking to be sure that only this entry is checked:
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000

Close all other windows - you should only see HijackThis on your Desktop - and then click the button labelled "Fix checked".

Step #4: file/folder deletion
First enable the viewing of hidden files in Windows XP by following these steps:
1. Close all programs so that you are at your Desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and then click on the menu option labelled "Folder Options".
4. After the new window appears select the View tab.
5. Remove the checkmark from the checkbox labelled "Hide file extensions for known file types".
6. Remove the checkmark from the checkbox labelled "Hide protected operating system files".
7. Select the radio button labelled "Show hidden files and folders".
8. Press the Apply button and then press the OK button and shutdown My Computer.

Your computer is now configured to show all hidden system files and folders.

Reboot your computer into Safe Mode. Restart your computer and gently tap the F8 key repeatedly on your keyboard while starting up until you are presented with a new menu in which you can select the option for Safe Mode using the arrow keys on your keyboard.
For more information on how to boot your computer into Safe Mode, see this reference: How to start Windows into Safe Mode.

Now delete the following file (do not be concerned if it does not exist):
C:\Program Files\Uninstall Fun Web Products.dll

If you uninstalled Morpheus Toolbar as recommended, please delete these folder(s)/file(s) as well if they are present:
C:\Program Files\Uninstall Morpheus Toolbar.dll
C:\Program Files\Morpheus Toolbar <-- this folder

Step #5: ATF Cleaner cleanup
You downloaded ATF Cleaner before. When still in Safe Mode, please follow these instructions to run ATF Cleaner:
1. Double-click ATF-Cleaner.exe to run the program.
2. Click once on the Main tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
3. Then click on the button labelled "Empty Selected".

If you use the Mozilla Firefox browser, please follow these instructions as well:
1. Click once on the Firefox tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
2. Then click on the button labelled "Empty Selected". NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, please follow these instructions as well:
1. Click once on the Opera tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
2. Then click on the button labelled "Empty Selected". NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Now click the Exit button on the Main tab to exit the program.

Reboot your computer to boot back into normal mode.

Step #6: registry fix
I want you to back up the registry, because we are going to make a few changes to it. Please follow these steps to export the registry keys we want to back up to a .reg file:
1. Close all programs so that you have nothing open and are at the Desktop.
2. Go to Start > Run.
3. Copy/Paste each of the following lines in the QUOTE boxes below in the Run: field, followed by pressing the Enter key after each line:

regedit /e registry.reg "HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}"

regedit /e registry2.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}"

Now a secure backup copy has been made, I want you to download the attached file called regfix.reg. Please download it and save the file to your Desktop.
Attached File  regfix.reg   192bytes   14 downloads
Now go to the Desktop and double-click regfix.reg. When prompted to merge its contents to the registry, click the Yes button.

Step #7: HijackThis scan
Scan with HijackThis again and post a new HijackThis log, please. :thumbsup:

Edited by htv8, 03 April 2007 - 09:27 AM.

If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#11 livindead

livindead
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 03 April 2007 - 10:11 AM

hello agen thx for the reply bothe th unistall thig u asked me to remove were not there so i couldnt delete thm everything else went to plan although my comp still seems slower thn usual cheers and heres the log

Logfile of HijackThis v1.99.1
Scan saved at 16:08:47, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

cheers agen LD

#12 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:27 PM

Posted 03 April 2007 - 10:46 AM

Your log looks clean now. Good work! :thumbsup: Any other problems you experience are likely NOT malware related.
However, if you experience any more problems, please report back.

Now please follow the simple steps below in order to keep your computer clean and secure.

Step #1: re-hide hidden system files and folders
Re-hide your hidden system files and folders again, because above instructions to set your system to show all files, unhide legit files and folders as well, and I don't want you to delete them because they may look suspicious. To hide them again, just perform these instructions:
1. Close all programs so that you are at your Desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and then click on the menu option labelled "Folder Options".
4. After the new window appears select the View tab.
5. Place a checkmark in the checkbox labelled "Hide file extensions for known file types".
6. Place a checkmark in the checkbox labelled "Hide protected operating system files".
7. Deselect the radio button labelled "Show hidden files and folders".
8. Press the Apply button and then press the OK button and shutdown My Computer.

Now your computer is configured to hide all hidden system files and folders.

Step #2: reset and re-enable System Restore
Reset and re-enable System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files:
1. Close all programs so that you are at your Desktop.
2. Go to Start > Run.
3. In the Run: field type SYSDM.CPL and press the OK button.
4. Click the System Restore tab.
5. Place a checkmark in the checkbox labelled "Turn off System Restore" to disable System Restore.
6. Click the Apply button.
7. Uncheck the option labelled "Turn off System Restore" to turn System Restore back on.
8. Click the OK button.
9. Reboot.

Step #3
Finally, and definitely the MOST IMPORTANT step, click on this tutorial and follow each step listed here:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Do not forget to tell your friends about us.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#13 livindead

livindead
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 03 April 2007 - 01:04 PM

i dont no how much i can thank you cheers for all ur help and i now no wear t cum wen i need help agen :thumbsup:

#14 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:27 PM

Posted 05 April 2007 - 12:38 PM

Thanks. :thumbsup: You're welcome.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#15 livindead

livindead
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 10 April 2007 - 10:01 AM

since my fix my computer has started running really slow i dont have a clue y i was wondering if u could tell me ???




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users