I Think I Have A Virus And Worm On My Computer


15 replies to this topic

#1 Omega Knight

Omega Knight

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 07 April 2007 - 06:25 PM

After we had a guest over, who I believe has been responsible for similar problems on my computer several times before, I found my computer running very slow and occasionally dead IE windows will be stuck on the desktop. I checked my task manager, and found fsqh.exe, and servic~1.exe. I searched for them, and found that they are listed as versions of a trojan virus, and a worm. I have tried to hunt them down and remove them, with no results. I rebooted into safe mode and ran hijackthis, combofix, and smitfraud (I think they are all up to date), can only find my hijackthis log. Let me know what you need please.

Logfile of HijackThis v1.99.1
Scan saved at 6:57:35 PM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [News Service] "D:\Charter\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Charter\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Charter\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Charter\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [CTSysVol] D:\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Creative Detector] D:\Creative\mediasource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Block this popup - D:\Charter\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Charter\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Charter\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Charter\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Charter\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Charter\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156884357637
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156884336137
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - D:\Charter\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Charter\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - D:\Charter\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Charter\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Charter\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Charter\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 AM

Posted 11 April 2007 - 06:09 AM

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Post back with the smitfraudfix log and a new HijackThis log

#3 Omega Knight

Omega Knight
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 11 April 2007 - 07:39 AM

Hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 8:34:54 AM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
D:\Charter\backweb\3528733\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Charter\Anti-Virus\fsgk32st.exe
D:\Charter\backweb\3528733\program\fsbwsys.exe
D:\Charter\Anti-Virus\FSGK32.EXE
D:\Charter\Common\FSMA32.EXE
D:\Charter\backweb\3528733\Program\fspex.exe
D:\Charter\FSGUI\ispnews.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Charter\Common\FSMB32.EXE
D:\Charter\Common\FSM32.EXE
D:\Charter\Anti-Virus\fssm32.exe
D:\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
D:\quicktime\qttask.exe
D:\Creative\mediasource\Detector\CTDetect.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
D:\Charter\Common\FCH32.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
D:\Charter\Common\FAMEH32.EXE
D:\Charter\Anti-Virus\fsqh.exe
D:\Charter\FSPC\fspc.exe
D:\Charter\Anti-Virus\fsrw.exe
D:\Charter\Anti-Virus\fsav32.exe
D:\Charter\FWES\Program\fsdfwd.exe
D:\Charter\ANTI-S~1\fsaw.exe
D:\Charter\FSGUI\fsguidll.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [News Service] "D:\Charter\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Charter\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Charter\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Charter\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [CTSysVol] D:\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Creative Detector] D:\Creative\mediasource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = D:\Charter\backweb\3528733\Program\fspex.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Block this popup - D:\Charter\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Charter\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Charter\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Charter\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Charter\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Charter\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156884357637
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156884336137
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - D:\Charter\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Charter\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - D:\Charter\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Charter\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Charter\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Charter\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Smitfraud log
SmitFraudFix v2.131

Scan done at 8:33:15.84, Wed 04/11/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
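
An added example, not part of the original thread or of HijackThis itself: a small parser for the HijackThis log format posted above that looks up the two image names reported in the first post (fsqh.exe and servic~1.exe) and returns where each one runs from and which log entries reference it. The function names, the `SECTIONS` labels and the trimmed `SAMPLE_LOG` excerpt are assumptions made for this example; the log lines themselves are copied from the post above.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied from the thread, trimmed).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:34:54 AM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
D:\Charter\backweb\3528733\Program\SERVIC~1.EXE
D:\Charter\Anti-Virus\fsqh.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "D:\Charter\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - D:\Charter\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Charter\Anti-Virus\fsgk32st.exe
"""

# "O4 - ...", "R1 - ...", "O23 - ...": section code, then the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First drive-rooted path ending in .exe/.dll; the lookahead keeps a folder
# such as "6.bin\" or "foo.exe\" from ending the match early.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll)(?![\\\w])', re.IGNORECASE)

# Sections that describe ways a program gets started (labels are this example's own).
SECTIONS = {
    "O4": "autostart (Run key / Startup folder)",
    "O20": "Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad",
    "O23": "NT service",
}


def parse_hijackthis(text):
    """Return (processes, entries); entries are (code, path_or_None, raw_line)."""
    processes, entries = [], []
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first coded entry ends the process list
            p = PATH_RE.search(m.group(2))
            entries.append((m.group(1), p.group(0) if p else None, line))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def service_vendor(raw):
    """Vendor field of an O23 line. The service name may itself contain ' - '
    (as in 'BackWeb Plug-in - 3528733'), so split from the right.
    Assumes every O23 line has a vendor field, as in the log above; the value
    is only what the log reports, not a verified signature."""
    parts = raw.rsplit(" - ", 2)
    if raw.startswith("O23 - Service:") and len(parts) == 3:
        return parts[1]
    return None


def triage(names, text=SAMPLE_LOG):
    """For each reported image name, list where it runs from and what references it.
    Names are compared case-insensitively on the file name only; 8.3 short names
    such as SERVIC~1.EXE are compared literally because the log has no long name."""
    processes, entries = parse_hijackthis(text)
    report = {}
    for name in names:
        key = name.lower()
        hits = []
        for code, path, raw in entries:
            if path and basename(path) == key:
                hits.append({
                    "section": code,
                    "kind": SECTIONS.get(code, "other"),
                    "vendor": service_vendor(raw),
                    "path": path,
                })
        report[key] = {
            "running_from": [p for p in processes if basename(p) == key],
            "referenced_by": hits,
        }
    return report


if __name__ == "__main__":
    for name, info in triage(["fsqh.exe", "servic~1.exe"]).items():
        print(name, info)
```
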

#4 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 AM

Posted 11 April 2007 - 08:48 AM

To assist diagnosis I would like a list of installed programs.
  • Open HijackThis and select Open the Misc Tools section
  • Click on the Open Uninstall Manager…
  • Select the Save List button
  • I suggest that you accept the default name of uninstall_list.txt and save the file to your desktop
  • Close HijackThis
Post back with the uninstall list and a new HijackThis log

#5 Omega Knight

Omega Knight
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 11 April 2007 - 09:46 AM

7 Wonders
ABBYY FineReader 5.0 Sprint
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album Starter Edition
Adobe Reader 7.0.8
Adobe Shockwave Player
AutoREALM Version 2.1
Before You Know It 3.6
Bejeweled 2 Deluxe 1.0
Blackhawk Striker from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Bonjour
Bounce Symphony from Compaq (remove only)
CCScore
Charter High-Speed Security Suite
Chuzzle Deluxe 1.0
Compaq Connections
Compaq Instant Support
Conquer 2.0
Creative MediaSource
Creative System Information
Cubis Gold 2
Diablo II
Digital Camera
EQWatcher Evolution (remove only)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Europa 1400 - The Guild
ewido anti-spyware 4.0
Excavation from Compaq (remove only)
Fable - The Lost Chapters
Five Card Frenzy from Compaq (remove only)
Form Fill (Windows Live Toolbar)
free2Design
Grand Theft Auto Vice City
HijackThis 1.99.1
HLPPDOCK
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Software Update
Industry Giant 2
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2
JumpStart Preschool 2001
KBD
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Labtec WebCam Software
Labtec® Camera Driver
Lexmark X1100 Series
Mad About Cats
Mahjongg Master 5
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Reader
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 7.0
mIRC
Morrowind
Mozilla Firefox (1.5.0.11)
MS Access 97 SP2
MS XML parser 4.0 sp2
MSXML 4.0 SP2 (KB927978)
MUSICMATCH® Jukebox
My Web Search (Smiley Central)
Notifier
NVIDIA Drivers
NVIDIA GART Driver
OfotoXMI
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org 2.0
Orbital from Compaq (remove only)
OTtBP
OTtBPSDK
Otto from Compaq (remove only)
Overball from Compaq (remove only)
Paint.NET v3.0
PC-Doctor for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Compaq (remove only)
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
Random Dice Roller
RealPlayer
RecordNow!
Rhapsody Player Engine
Rome - Total War™
Rome Total War - patch 1.3
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
SFR
SHASTA
Sid Meier's Alpha Centauri
Sid Meier's Alpha Centauri 2000/XP Compatibility Update
SimCity 3000 Unlimited
SKIN0001
SKINXSDK
Slyder from Compaq (remove only)
Smart Menus (Windows Live Toolbar)
Sonic Update Manager
Sound Blaster Audigy
SpamSubtract
SquareOff® Gold
Star Wars®: Knights of the Old Republic ™
staticcr
System Alert Popup
System Requirements Lab
Tabbed Browsing (Windows Live Toolbar)
TES Construction Set
The Guild 2
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Ventrilo Client
Viewpoint Media Player (Remove Only)
VPRINTOL
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WIRELESS
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Zone Deluxe Games
Zuma Deluxe 1.0

Logfile of HijackThis v1.99.1
Scan saved at 10:43:37 AM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
D:\Charter\backweb\3528733\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Charter\Anti-Virus\fsgk32st.exe
D:\Charter\backweb\3528733\program\fsbwsys.exe
D:\Charter\Anti-Virus\FSGK32.EXE
D:\Charter\Common\FSMA32.EXE
D:\Charter\backweb\3528733\Program\fspex.exe
D:\Charter\FSGUI\ispnews.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Charter\Common\FSMB32.EXE
D:\Charter\Common\FSM32.EXE
D:\Charter\Anti-Virus\fssm32.exe
D:\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
D:\quicktime\qttask.exe
D:\Creative\mediasource\Detector\CTDetect.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
D:\Charter\Common\FCH32.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
D:\Charter\Common\FAMEH32.EXE
D:\Charter\Anti-Virus\fsqh.exe
D:\Charter\FSPC\fspc.exe
D:\Charter\Anti-Virus\fsrw.exe
D:\Charter\Anti-Virus\fsav32.exe
D:\Charter\FWES\Program\fsdfwd.exe
D:\Charter\ANTI-S~1\fsaw.exe
D:\Charter\FSGUI\fsguidll.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
D:\Winamp\Winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [News Service] "D:\Charter\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Charter\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Charter\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Charter\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [CTSysVol] D:\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Creative Detector] D:\Creative\mediasource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = D:\Charter\backweb\3528733\Program\fspex.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Block this popup - D:\Charter\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Charter\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Charter\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Charter\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Charter\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Charter\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156884357637
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156884336137
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - D:\Charter\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Charter\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - D:\Charter\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Charter\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Charter\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Charter\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#6 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 AM

Posted 11 April 2007 - 09:51 AM

Go to Start> Control Panel> Add or Remove Programs.

Remove the following programs, if they are present.
  • My Web Search (Smiley Central)
Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press on "Accept" after reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.
Post back with the Kaspersky log and a new HijackThis log
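
Added example, not part of the thread or of any poster's instructions: a small Python triage script that pulls the entries belonging to one program out of a HijackThis log and, given a later log, shows which of them are gone and which are left behind. The "before" lines are copied from the log posted above; the "after" log is constructed for illustration, and the function names are this example's own.

```python
import re
from collections import namedtuple

# Meaning of the HijackThis section codes that appear in the excerpt below.
SECTIONS = {
    "R3": "IE URLSearchHook",
    "O2": "Browser Helper Object",
    "O8": "IE context-menu item",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

Entry = namedtuple("Entry", "code body clsids")

# Excerpt copied from the HijackThis log posted in this thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# CONSTRUCTED "after" log: assumes the uninstaller removed the DLL hooks
# but left the context-menu item behind. Not taken from the thread.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn1\yt.dll
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def parse_log(text):
    """Return the R*/O* entries of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, body = m.groups()
            clsids = tuple(c.upper() for c in CLSID_RE.findall(body))
            entries.append(Entry(code, body, clsids))
    return entries


def entries_for(entries, keyword):
    """Entries whose name, path or URL mentions keyword (case-insensitive)."""
    kw = keyword.lower()
    return [e for e in entries if kw in e.body.lower()]


def compare(before_text, after_text, keyword):
    """Split the keyword's 'before' entries into (gone, still_present)."""
    before = entries_for(parse_log(before_text), keyword)
    after = entries_for(parse_log(after_text), keyword)
    after_keys = {(e.code, e.body.lower()) for e in after}
    gone = [e for e in before if (e.code, e.body.lower()) not in after_keys]
    return gone, after


def describe(entry):
    """One readable line per entry, with the section meaning where known."""
    kind = SECTIONS.get(entry.code, "other section")
    ids = " ".join(entry.clsids) or "no CLSID"
    return f"{entry.code} ({kind}) [{ids}] {entry.body}"


if __name__ == "__main__":
    gone, left = compare(BEFORE_LOG, AFTER_LOG, "mywebsearch")
    print("Removed since the first log:")
    for e in gone:
        print("  " + describe(e))
    print("Still present in the new log:")
    for e in left:
        print("  " + describe(e))
```

Matching on the install folder and domain as well as the display name matters here, because one of the hooks is listed as "(no name)" and another as "mwsBar BHO".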

#7 Omega Knight

Posted 11 April 2007 - 08:45 PM

I click on accept, and nothing seems to happen....

#8 random/random

Posted 12 April 2007 - 04:59 AM

Ewido is now AVG-antispyware, which we are going to install; please uninstall Ewido.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG anti-spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Post back with the AVG-antispyware log and a new HijackThis log

#9 Omega Knight

Posted 13 April 2007 - 08:14 AM

Not trying to be a pain or anything, but last time I had AVG and F-secure on my computer there were massive conflict issues. Is this going to be a problem?

#10 random/random

Posted 13 April 2007 - 08:17 AM

Was that with AVG-antivirus?

#11 Omega Knight

Posted 13 April 2007 - 11:23 AM

I'm pretty sure it was. I had been using AVG anti-virus for a long time until my ISP started carrying F-secure. When I tried to install F-secure in addition to AVG my computer had a major malfunction. When I checked into it, it turned out that F-secure doesn't like other anti-viruses...

#12 random/random

Posted 13 April 2007 - 11:26 AM

AVG-antispyware is a completely different product to AVG-antivirus and it is not an antivirus program, so there should not be any conflicts.

Edited by random/random, 13 April 2007 - 11:30 AM.


#13 Omega Knight

Posted 13 April 2007 - 11:34 AM

OK, hadn't caught on to the difference. Thanks, I'll get right onto it.
The link you gave me for getting AVG-antispyware didn't work. I went to Grisoft main, and downloaded it from there, hope that isn't different.

Edited by Omega Knight, 13 April 2007 - 11:36 AM.


#14 Omega Knight

Posted 13 April 2007 - 03:29 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:14:57 PM 4/13/2007

+ Scan result:



C:\Documents and Settings\Family\Desktop\SmileyCentralPFSetup2.1.50.3-3.ZNfox000.exe/mwsSrcSp.CommonCodebase.exe -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP338\A0050143.exe/mwsSrcSp.CommonCodebase.exe -> Adware.FunWeb : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
:mozilla.331:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.332:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.333:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.334:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.335:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.336:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.337:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.338:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.357:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.388:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.405:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.465:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.466:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.467:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.468:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.469:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.470:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.471:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.472:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.473:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.474:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.22:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.23:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.24:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.29:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.259:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.260:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.634:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.643:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.644:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.233:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.234:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.235:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.236:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.237:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.238:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.239:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.10:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.249:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.583:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.584:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.585:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.71:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.72:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.73:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.74:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.75:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.76:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.77:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.291:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.614:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.358:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.389:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.454:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.455:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.11:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.502:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.240:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.241:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.242:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.243:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.244:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.221:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.222:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.223:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.224:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.225:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.226:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.227:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.387:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.397:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.403:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.414:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.453:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.492:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.689:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.699:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.134:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.135:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.17:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.18:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.19:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.20:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.526:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.703:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.415:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.416:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.660:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Inet-cash : Cleaned.
:mozilla.425:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.427:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.445:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.446:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.447:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.510:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.207:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.208:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.392:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Navrcholu : Cleaned.
:mozilla.292:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.293:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.620:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.559:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.79:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.80:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.81:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.82:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.83:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.272:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.273:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.274:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.275:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.78:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.84:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.85:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.86:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.87:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.88:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.89:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.90:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.91:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.92:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.255:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.256:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.257:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.258:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.276:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.277:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.359:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.360:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.361:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.362:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.363:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.364:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.303:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.304:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.305:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.306:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.307:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.308:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.309:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.310:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.311:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.312:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.313:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.314:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.315:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.316:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.609:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.167:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.168:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.169:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.172:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.261:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.262:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.263:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.264:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.265:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.266:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.267:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.268:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.269:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.270:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.271:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Family\Cookies\family@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Family\Cookies\family@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Family\Cookies\family@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.561:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.562:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.563:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.564:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.565:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.566:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.567:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.568:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.569:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.228:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.229:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.230:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.231:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.232:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.393:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.406:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.185:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.186:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.187:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.188:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.189:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.190:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.191:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.192:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.216:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.707:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.54:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.282:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.283:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.284:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\di94p03y.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Family\Local Settings\Temp\LQPMRDHR.0XE -> Trojan.Agent.rx : Cleaned with backup (quarantined).
C:\Documents and Settings\Family\Desktop\SmileyCentralPFSetup2.1.50.3-3.ZNfox000.exe/mwsSetup.CommonCodebase.exe -> Trojan.Isbar.s : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP338\A0050143.exe/mwsSetup.CommonCodebase.exe -> Trojan.Isbar.s : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 4:25:06 PM, on 4/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\Charter\backweb\3528733\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
D:\Charter\Anti-Virus\fsgk32st.exe
D:\Charter\Anti-Virus\FSGK32.EXE
D:\Charter\backweb\3528733\program\fsbwsys.exe
D:\Charter\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\Charter\Anti-Virus\fssm32.exe
D:\Charter\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
D:\Charter\Common\FCH32.EXE
D:\Charter\Common\FAMEH32.EXE
D:\Charter\Anti-Virus\fsqh.exe
D:\Charter\Anti-Virus\fsrw.exe
D:\Charter\FSPC\fspc.exe
C:\WINDOWS\Explorer.EXE
D:\Charter\FSGUI\ispnews.exe
D:\Charter\Common\FSM32.EXE
D:\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\quicktime\qttask.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Creative\mediasource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Charter\backweb\3528733\Program\fspex.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
D:\Charter\Anti-Virus\fsav32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Charter\FWES\Program\fsdfwd.exe
D:\Charter\ANTI-S~1\fsaw.exe
D:\Charter\FSGUI\fsguidll.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [News Service] "D:\Charter\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Charter\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Charter\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Charter\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [CTSysVol] D:\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] D:\Creative\mediasource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = D:\Charter\backweb\3528733\Program\fspex.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Block this popup - D:\Charter\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Charter\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Charter\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Charter\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Charter\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Charter\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156884357637
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156884336137
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - D:\Charter\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Charter\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - D:\Charter\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Charter\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Charter\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Charter\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#15 random/random


Posted 13 April 2007 - 03:31 PM

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue; just find your country room and register your complaint.


Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
  • Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Reboot.

    Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis
  • Keep your antivirus and firewall updated
  • Keep windows up to date with the latest patches


    IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.
  • Install spywareblaster
    Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes kill bits in the registry, so that certain activex controls can't install.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster here
    Make sure to update it on a regular basis
  • Install IE-SPYAD
    Download and instructions located here
    Make sure to update it on a regular basis
  • Use a HOSTS file
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button (at the lower left hand corner of your screen)
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then double-click it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click ok
  • Install and use Ad-aware & Spybot search & destroy
    Instructions are located here
    Make sure to update them on a regular basis
  • Most exploits are aimed at Internet Explorer, so I recommend you switch to an alternative browser
    Two good alternative browsers are
    Firefox
    Opera
    It is essential to update to the latest version of your browser, as the updates fix known security holes
  • Even if you do decide to switch to another browser, it is still a good idea to lock down Internet explorer
    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    Change the allow paste operations via script to Disable
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.
  • Clean out your temp files on a regular basis
    I use and recommend ATF Cleaner by Attribune
    To use it, follow these instructions
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Main at the top and choose Select All from the list.
    • Click the Empty Selected button.
    If you use Firefox browser:
    • Click Firefox at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser:
    • Click Opera at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date
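
The Internet Explorer lock-down steps in post #15, written as a check over a registry export (an added example, not part of the original post). It assumes the URL-action IDs and the 0/1/3 (Enable/Prompt/Disable) values Windows stores for the Internet zone under `Zones\3`; the export text is a constructed sample.

```python
import re

# Constructed sample of `reg export` output for the Internet zone (zone 3) on a
# machine where only some of the post's settings were applied. A real export is
# UTF-16 encoded; read it with open(path, encoding="utf-16").
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000000
"1607"=dword:00000001
'''

# Policy values as stored in the registry, ordered from least to most strict.
POLICY_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# URL-action ID -> (label used in the post, value the post asks for).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
    "1407": ("Allow paste operations via script", 3),
}

ZONE_KEY_SUFFIX = r"\internet settings\zones\3"
DWORD_LINE = re.compile(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})')


def parse_zone_values(reg_text, key_suffix=ZONE_KEY_SUFFIX):
    """Return {action_id: int} for the DWORD values under the Internet zone key."""
    values = {}
    in_zone = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Only collect values that belong to the Zones\3 key.
            in_zone = line[1:-1].lower().endswith(key_suffix)
            continue
        if not in_zone:
            continue
        match = DWORD_LINE.fullmatch(line)
        if match:
            values[match.group(1).upper()] = int(match.group(2), 16)
    return values


def audit_internet_zone(reg_text):
    """Compare the exported zone settings with the values the post recommends.

    Returns a list of (action_id, label, actual, wanted, status) tuples where
    status is 'ok', 'stricter', 'weaker' or 'not set'.
    """
    current = parse_zone_values(reg_text)
    findings = []
    for action_id, (label, wanted) in RECOMMENDED.items():
        actual = current.get(action_id)
        if actual is None:
            status = "not set"      # value absent from this export
        elif actual == wanted:
            status = "ok"
        elif actual > wanted:
            status = "stricter"     # e.g. Disable where Prompt was asked for
        else:
            status = "weaker"       # e.g. Enable or Prompt where Disable was asked for
        findings.append((
            action_id,
            label,
            POLICY_NAMES.get(actual, "unknown" if actual is not None else "absent"),
            POLICY_NAMES[wanted],
            status,
        ))
    return findings


def needs_attention(reg_text):
    """Action IDs whose setting is weaker than recommended or missing."""
    return [f[0] for f in audit_internet_zone(reg_text)
            if f[4] in ("weaker", "not set")]


if __name__ == "__main__":
    for action_id, label, actual, wanted, status in audit_internet_zone(SAMPLE_REG_EXPORT):
        print(f"{action_id}  {label:<58} {actual:<8} want {wanted:<8} {status}")
```
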




