Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

All Sorts Of Trojans And Obfuskated Is Driving Me Mad!


  • This topic is locked This topic is locked
12 replies to this topic

#1 SamTheMan

SamTheMan

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 25 April 2007 - 05:23 AM

Hello there,

Was in the middle of researching some information for my university dissertation when all of a sudden i was flooded with popups. It appears after running AVG that I have the Obfuskated malaware virus. Oh the joy!

Any help would be greatly appreciated!

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:20:06, on 25/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\{547DFB1E-07DA-2057-1021-05112304002c}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Pop up Blocker\pd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\Sam\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Interborewaydraw] C:\Documents and Settings\All Users\Application Data\Noun Bait Inter Bore\64 Dent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKCU\..\Run: [hold mpeg] C:\DOCUME~1\Sam\APPLIC~1\GLUEPO~1\PureClock.exe
O4 - HKCU\..\RunOnce: [DeleteDLL] cmd.exe /c del C:\PROGRA~1\COMMON~1\{347DF~1\Bar888.dll > nul
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PD - {5A6AB63C-F0A6-46DA-9C6D-6747A9E90D29} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDE8B47A-8BEF-4835-B9EE-D5BB9744FE3B}: NameServer = 194.168.8.100,194.168.4.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0002239 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 25 April 2007 - 05:46 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum SamTheMan :thumbsup:

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

***************************

Click on Start>Control Panel>Add/Remove Programs.
Uninstall/remove any of the following programs if listed:
Netpumper
Bitroll
Bitgrabber
CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media

This is because they are often bundled with the malware you are dealing with.
Don't worry if none of them are present.
If you happened to remove any of them please restart your pc.

******************************

Download NoLop.exe to your desktop.

* First close any other programs you have running as this will require a reboot.
* Double click NoLop.exe to run it.
* Then click the button labelled "Search and Destroy".
* When scanning is finished you will be prompted to reboot only if infected,click 'OK'.
* Now click the "REBOOT" Button.
* A Message should popup from NoLop, if not,double click the program again and it will finish.
Post the contents of C:\NoLop.log,the contents of the results file Report.txt from SDFix, and a new Hijack This log into your next reply.

If you receive the error,that mscomctl.ocx or one of its dependencies are not correctly registered, please download this file to your 'System32' folder then rerun the program: http://www.boletrice.com/downloads/mscomctl.ocx
Posted Image
Posted Image

#3 SamTheMan

SamTheMan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 25 April 2007 - 06:15 AM

Thanks for the quick reply Richie. You're a top bloke for helping out us muppets!




Heres SDFIX:

SDFix: Version 1.79

Run by Sam - 25/04/2007 - 11:55:51.95

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX

ImagePath:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0002239

Client IP-IPX - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe - Deleted
C:\DOCUME~1\Sam\LOCALS~1\Temp\setup.exe - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\UT2004\\System\\UT2004.exe"="C:\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\samradders\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\samradders\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"="C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™"
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"="C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe:*:Enabled:Server"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\samradders\\source sdk base\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\samradders\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Documents and Settings\\Sam\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Sam\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Sam\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe"="C:\\Documents and Settings\\Sam\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.3\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.3\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Messenger\sammowellhung@hotmail.com\Sharing Folders\jameswaythe@hotmail.com\Thumbs.db
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Messenger\sammowellhung@hotmail.com\Sharing Folders\wheres_lucky@hotmail.com\Thumbs.db
C:\Documents and Settings\Sam\My Documents\Downloads\The.Fountain.2006.DVDSCR.XviD-FiCO.[www.torrentfive.com]\Thumbs.db
C:\Documents and Settings\Sam\My Documents\Downloads\The.Fountain.2006.DVDSCR.XviD-FiCO.[www.torrentfive.com]\Sample\Thumbs.db
C:\Documents and Settings\Sam\My Documents\My Music\George Michael - Twenty Five (2006) - Pop [www.torrentazos.com]\Thumbs.db
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Sam\Application Data\Microsoft\Word\~WRL0055.tmp
C:\Documents and Settings\Sam\Application Data\Microsoft\Word\~WRL0103.tmp
C:\Documents and Settings\Sam\Application Data\Microsoft\Word\~WRL0288.tmp
C:\Documents and Settings\Sam\Application Data\Microsoft\Word\~WRL0334.tmp
C:\Documents and Settings\Sam\Application Data\Microsoft\Word\~WRL0776.tmp
C:\Documents and Settings\Sam\Application Data\Microsoft\Word\~WRL1147.tmp
C:\Documents and Settings\Sam\Application Data\Microsoft\Word\~WRL1801.tmp
C:\Documents and Settings\Sam\Application Data\Microsoft\Word\~WRL2195.tmp
C:\Documents and Settings\Sam\Application Data\Microsoft\Word\~WRL3041.tmp
C:\Documents and Settings\Sam\Application Data\Microsoft\Word\~WRL3185.tmp
C:\Documents and Settings\Sam\Application Data\Microsoft\Word\~WRL3697.tmp
C:\Documents and Settings\Sam\Application Data\Microsoft\Word\~WRL3836.tmp
C:\Documents and Settings\Sam\My Documents\~WRL0627.tmp
C:\Documents and Settings\Sam\My Documents\~WRL2441.tmp



And here's NoLop:

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Sam\Desktop
[25/04/2007]
[12:09:53]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Documents
C:\Documents and Settings\All Users\Application Data\Faxctr
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Kontiki
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
C:\Documents and Settings\All Users\Application Data\Nero
C:\Documents and Settings\All Users\Application Data\Noun Bait Inter Bore
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Ahead
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Creative
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Sam\Application Data\Activision
C:\Documents and Settings\Sam\Application Data\Adobe
C:\Documents and Settings\Sam\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Sam\Application Data\Ahead
C:\Documents and Settings\Sam\Application Data\Apple Computer
C:\Documents and Settings\Sam\Application Data\Ati
C:\Documents and Settings\Sam\Application Data\Avg7
C:\Documents and Settings\Sam\Application Data\Azureus
C:\Documents and Settings\Sam\Application Data\Command & Conquer 3 Tiberium Wars
C:\Documents and Settings\Sam\Application Data\Command & Conquer 3 Tiberium Wars Demo
C:\Documents and Settings\Sam\Application Data\Creative
C:\Documents and Settings\Sam\Application Data\Faxctr
C:\Documents and Settings\Sam\Application Data\Glue Pop
C:\Documents and Settings\Sam\Application Data\Icaclient -- EMPTY Directory
C:\Documents and Settings\Sam\Application Data\Identities
C:\Documents and Settings\Sam\Application Data\Installshield
C:\Documents and Settings\Sam\Application Data\Lavasoft
C:\Documents and Settings\Sam\Application Data\Macromedia
C:\Documents and Settings\Sam\Application Data\Microsoft
C:\Documents and Settings\Sam\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Sam\Application Data\Mozilla
C:\Documents and Settings\Sam\Application Data\Opera -- EMPTY Directory
C:\Documents and Settings\Sam\Application Data\Real
C:\Documents and Settings\Sam\Application Data\Securom
C:\Documents and Settings\Sam\Application Data\Sun
C:\Documents and Settings\Sam\Application Data\Teamspeak2
C:\Documents and Settings\Sam\Application Data\Utorrent
C:\Documents and Settings\Sam\Application Data\Vlc
C:\Documents and Settings\Sam\Application Data\Xfire

Thanks again Richie.

#4 SamTheMan

SamTheMan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 25 April 2007 - 06:17 AM

I'm also getting an error message for psquery.exe as it trys opening the popups. Is that a virus that has been deleted? It slows down XP too. Any ideas?

#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 25 April 2007 - 06:22 AM

Can you post the new Hijackthis log please :thumbsup:
Posted Image
Posted Image

#6 SamTheMan

SamTheMan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 25 April 2007 - 06:25 AM

Ooops :thumbsup:)


Logfile of HijackThis v1.99.1
Scan saved at 12:22:39, on 25/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Pop up Blocker\pd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Interborewaydraw] C:\Documents and Settings\All Users\Application Data\Noun Bait Inter Bore\64 Dent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [hold mpeg] C:\DOCUME~1\Sam\APPLIC~1\GLUEPO~1\PureClock.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PD - {5A6AB63C-F0A6-46DA-9C6D-6747A9E90D29} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDE8B47A-8BEF-4835-B9EE-D5BB9744FE3B}: NameServer = 194.168.8.100,194.168.4.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 25 April 2007 - 06:33 AM

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*******************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab,and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan,download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed,do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen,under 'How to act?',then under 'Set default action for detected malware to:', click on 'Recommended actions',then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware,don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Interborewaydraw] C:\Documents and Settings\All Users\Application Data\Noun Bait Inter Bore\64 Dent.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [hold mpeg] C:\DOCUME~1\Sam\APPLIC~1\GLUEPO~1\PureClock.exe


Find and delete if present:
C:\Program Files\psquery
C:\Program Files\Ipwindows
C:\Documents and Settings\All Users\Application Data\Noun Bait Inter Bore
C:\Documents and Settings\Sam\Application Data\Glue Pop


Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient,it takes a while for the scan to finish.

Once the scan is complete,do the following.
If AVG Anti-Spyware detected any infected objects:,click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.
Posted Image
Posted Image

#8 SamTheMan

SamTheMan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 25 April 2007 - 07:20 AM

Hello again, i did all that but it wouldnt allow me to delete C:\Program Files\psquery for some reason.

But here are the logs: Anti Spy First

+ Created at: 13:10:42 25/04/2007

+ Scan result:



C:\Program Files\psquery\psquery.sys -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\psquery\psquery.exe -> Adware.CASClient : Cleaned with backup (quarantined).
[1116] C:\Program Files\psquery\psquery.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP125\A0026004.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1547161642-308236825-725345543-1004\Dc41\PeDev.dll -> Adware.Delfin : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP183\A0043263.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP183\A0043264.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP183\A0043265.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP183\A0043266.ocx -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP183\A0043267.dll -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1547161642-308236825-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP185\A0043525.exe -> Adware.IWantSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP189\A0045101.dll -> Adware.Lucky : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP185\A0043524.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP125\A0026007.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{547DFB1E-07D9-2057-1021-05112304002c}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc10\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc11\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc2\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc3\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc4\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc5\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc6\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc7\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc8\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc9\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP126\A0026300.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP133\A0028267.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP133\A0028268.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP137\A0031597.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP148\A0035811.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP148\A0035812.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP149\A0036244.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP171\A0040653.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP183\A0042873.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP185\A0043529.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP125\A0026005.exe -> Adware.ValueAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP148\A0035692.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP148\A0035693.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP148\A0035694.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP148\A0035695.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP148\A0035892.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP148\A0035893.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP148\A0035894.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP164\A0038771.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP164\A0038772.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP164\A0038773.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP164\A0038774.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP165\snapshot\MFEX-3.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP165\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP165\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP166\A0038886.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP166\A0038887.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP166\A0038888.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP166\snapshot\MFEX-3.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP166\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP166\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP178\A0042474.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP178\A0042475.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP178\A0042476.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP178\A0042477.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1547161642-308236825-725345543-1004\Software\ToolBar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1547161642-308236825-725345543-1004\Software\ToolBar\all -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1547161642-308236825-725345543-1004\Software\ToolBar\all\History -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP125\A0026006.exe -> Downloader.Age : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP183\A0043270.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP189\A0044603.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
:mozilla.691:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.692:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.693:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.192:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.199:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.206:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.207:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.209:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.210:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.213:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.214:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.215:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.216:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.217:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.218:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.219:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.220:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.221:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.222:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.223:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.224:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.225:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.226:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.689:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.690:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.732:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.282:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.286:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.287:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.288:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.289:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.290:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.291:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.292:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.293:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.294:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.295:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.296:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.297:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.298:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.299:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.300:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.301:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.302:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.303:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.304:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.305:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.306:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.307:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.308:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.319:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.320:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.321:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.322:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.323:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.513:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.514:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.697:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.698:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.509:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.35:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.36:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.38:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.39:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.41:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.42:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.665:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.666:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.667:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.164:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.165:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.31:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.32:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.663:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.160:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.664:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.104:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.105:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.106:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.438:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.439:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.908:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.114:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.115:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.116:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.117:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.938:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.410:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.411:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.412:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.413:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.414:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.415:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.416:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.417:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@connextra[3].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.8:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
:mozilla.766:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.26:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.27:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.29:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.615:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.616:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.617:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.618:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.619:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.555:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.556:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.11:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.13:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.946:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.816:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.947:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.948:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.949:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.508:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.37:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.40:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.679:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.7:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.478:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.480:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.481:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.482:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.483:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.484:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.485:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.486:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.487:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.488:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.489:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.490:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.491:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.843:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.112:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.156:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.157:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.158:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.159:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.859:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.860:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.861:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.118:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.119:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.120:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.121:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.122:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.123:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.124:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.125:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.126:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.128:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.129:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.19:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.20:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.21:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.22:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.23:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.25:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.445:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.446:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.434:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.435:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.436:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.437:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.457:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.504:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.603:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.604:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.605:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.606:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.607:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.610:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.611:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.612:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.613:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.268:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.273:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.275:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.276:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.418:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.419:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.420:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.421:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.422:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.335:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.107:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.108:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.151:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.173:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.53:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.674:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.90:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.91:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.92:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.93:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.94:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.95:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.96:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.521:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.523:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.524:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.525:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\bl6v7qin.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Sam\Cookies\sam@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\S-1-5-21-1547161642-308236825-725345543-1004\Dc63\64 Dent.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1547161642-308236825-725345543-1004\Dc64\tbyawbid.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\Program Files\Ipwindows\UnInstall.exe -> Trojan.Rond : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP169\A0039268.exe -> Trojan.Rond : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP178\A0042306.exe -> Trojan.Rond : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP125\A0026021.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP183\A0043268.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\Li4\M2b.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E26CB82-EE13-4A13-994D-C5E82D403F1A}\RP189\A0045059.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).




Logfile of HijackThis v1.99.1
Scan saved at 13:16:10, on 25/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Pop up Blocker\pd.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE]

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 25 April 2007 - 07:26 AM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens,copy and paste ALL the following bold blue text in the Quote box below:

Folders to delete:
C:\Program Files\psquery

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.
Also post a new Hijackthis log please.
Posted Image
Posted Image

#10 SamTheMan

SamTheMan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 25 April 2007 - 07:32 AM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mcyqldyb

*******************

Script file located at: \??\C:\Documents and Settings\jyvwmskc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Folder C:\Program Files\psquery not found!
Deletion of folder C:\Program Files\psquery failed!

Could not process line:
C:\Program Files\psquery
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



Logfile of HijackThis v1.99.1
Scan saved at 13:29:12, on 25/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Pop up Blocker\pd.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PD - {5A6AB63C-F0A6-46DA-9C6D-6747A9E90D29} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDE8B47A-8BEF-4835-B9EE-D5BB9744FE3B}: NameServer = 194.168.8.100,194.168.4.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

Hows it looking old boy?

#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 25 April 2007 - 07:48 AM

Your log is clean :thumbsup:
If all's ok,please do the following:

Find and delete:
C:\SDFix
C:\Avenger

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear,click on Ok.
The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.
At the bottom in the 'System Restore' window,click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
Posted Image
Posted Image

#12 SamTheMan

SamTheMan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 25 April 2007 - 08:52 AM

Thanks Richie. Its good to know folk like you are out on the net helping novices like us! :thumbsup:

#13 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 25 April 2007 - 09:52 AM

You're most welcome SamTheMan :thumbsup:

Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter.
Everyone else please begin a New Topic.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users