Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log


  • Please log in to reply
9 replies to this topic

#1 spongebry

spongebry

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 16 May 2007 - 03:23 AM

I'm new here, but I still hope someone can help me with this! Message me if there are any questions. Thanks.



Logfile of HijackThis v1.99.1
Scan saved at 3:06:40 AM, on 5/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\kzsmznr\csrss.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\AOL\1164769115\ee\AOLSoftware.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\spongebry\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virushelpzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\kzsmznr\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\kzsmznr\csrss.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1164769115\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151039271375
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.globosoft.info/globobar.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29D68056-1AA6-48F7-8025-ED4B2F6A1270}: NameServer = 85.255.114.6,85.255.112.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{395DD324-EC7F-4EFD-B54A-359215B9D929}: NameServer = 85.255.114.84,85.255.112.198
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.6 85.255.112.157
O17 - HKLM\System\CS1\Services\Tcpip\..\{29D68056-1AA6-48F7-8025-ED4B2F6A1270}: NameServer = 85.255.114.6,85.255.112.157
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.6 85.255.112.157
O17 - HKLM\System\CS2\Services\Tcpip\..\{29D68056-1AA6-48F7-8025-ED4B2F6A1270}: NameServer = 85.255.114.6,85.255.112.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.6 85.255.112.157
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282 (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282 (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 16 May 2007 - 07:38 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum spongebry :thumbsup:

Please download MsnVirRem.exe to your desktop:
http://downloads.malwareremoval.com/MsnVirRem.exe
http://www.thespykiller.co.uk/forum/index....=tpmod;dl=item9
http://www.greyknight17.com/spy/MsnVirRem.exe

* First close any other programs you have running as this will require a reboot
* Double click MsnVirRem.exe to run it
* Once open, click the button labelled "Search and Destroy"
<<Your computer will now be scanned for Infected Files>>
* When scanning is finished you will be prompted to reboot only if infected, Click OK
* Now click the "REBOOT" Button.
* After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.
* A Message should popup from MsnVirRem if not, double click the program again and it will finish

Post the contents of C:\msnvirrem.log in your next reply.

*************************************

Download HostsXpert 3.8:
http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.

Go to:
C:\WINDOWS\System32\drivers\etc\HOSTS.
1) Right-click on the HOSTS file
2) Click Properties
3) You will see a window open,at the bottom of the window to the right of Attributes,check the box that says 'Read-only'.
4) Click Apply/OK.

*************************************

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.

*************************************

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop,and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.
* Also post a new Hijackthis log please.

Edited by RichieUK, 16 May 2007 - 07:38 AM.

Posted Image
Posted Image

#3 spongebry

spongebry
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 17 May 2007 - 03:00 AM

I've got all the reports listed in order as you specified by download. First it is the MSNVirRem log, then it is the Fixwareout log, then the SDFix log, and finally the HijackThis log. Let me know if you need anything else. Thanks!




MsnVirRem Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to msnvirremOLD.log

Fix running from: C:\Documents and Settings\spongebry\Desktop
5/16/2007
11:31:12 PM

---Infection Files Found---
C:\Documents and Settings\spongebry\Start Menu\Programs\Startup\csrss.lnk

Rebooting...
Fixing Registry Permissions...
Editing Registry...
Fixing Host File...
**Fix Complete!**

--------------------------------------------------------------------------------
Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdlhw.exe"

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"Reminder"="C:\\Windows\\CREATOR\\Remind_XP.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1164769115\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common

Files\\Logitech\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"LVCOMSX"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\LVComSX.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"csrss"=""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -

start"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common

Files\\Ahead\\lib\\NMBgMonitor.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US

ee://aol/imApp"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480

\\Program\\LogitechDesktopMessenger.exe"
"csrss"=""
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
---------------------------------------------------------------------------------------

SDFix: Version 1.84

Run by spongebry - Thu 05/17/2007 - 1:05:08.34

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX
COM+ Messages

ImagePath:
"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282
"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282

Client IP-IPX - Deleted
COM+ Messages - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\unsvchosts.exe - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted



Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standa

rdProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program

Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink

TotalAccess\\TaskPanl.exe:*:Disabled:Earthlink"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program

Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Atari\\Civilization III\\Civ3PTW\\Civilization3X.exe"="C:\\Program

Files\\Atari\\Civilization III\\Civ3PTW\\Civilization3X.exe:*:Enabled:Civilization3X"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft

DirectPlay8 Server"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX

Diagnostic Tool"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet

Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\BearFlix\\bearflix.exe"="C:\\Program

Files\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!

\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!

\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN

Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare

Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common

Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1164769115\\ee\\aolsoftware.exe"="C:\\Program Files\\Common

Files\\AOL\\1164769115\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1164769115\\ee\\aim6.exe"="C:\\Program Files\\Common

Files\\AOL\\1164769115\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480

\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480

\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Documents and Settings\\spongebry\\My Documents\\PS2

junk\\flashfxp\\FlashFXP.exe"="C:\\Documents and Settings\\spongebry\\My Documents\\PS2

junk\\flashfxp\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network

Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN

Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN

Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Domain

Profile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN

Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480

\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480

\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Documents and Settings\\spongebry\\My Documents\\PS2

junk\\flashfxp\\FlashFXP.exe"="C:\\Documents and Settings\\spongebry\\My Documents\\PS2

junk\\flashfxp\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network

Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN

Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN

Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\spongebry\My Documents\20th & Gowin\www.twentiethandgowin.com\Thumbs.db
C:\Documents and Settings\spongebry\SendTo\WLM -

spongebry@hotmail.com\banana_anna75@hotmail.com.lnk
C:\Documents and Settings\spongebry\SendTo\WLM - spongebry@hotmail.com\Desktop.ini
C:\Documents and Settings\spongebry\SendTo\WLM - spongebry@hotmail.com\sk8rgrl167@hotmail.com.lnk
C:\Documents and Settings\spongebry\SendTo\WLM - spongebry@hotmail.com\uuu222333@hotmail.com.lnk
C:\Documents and Settings\spongebry\SendTo\WLM -

spongebry@hotmail.com\votava_tasha88@hotmail.com.lnk
C:\Program Files\Ipswitch\WS_FTP Home\wsftpgui.exe-CommandBars
C:\Documents and Settings\spongebry\My Documents\spongebry's documents\~WRL0003.tmp

Finished
------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 2:52:40 AM, on 5/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\AOL\1164769115\ee\AOLSoftware.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\spongebry\Desktop\hijack\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?

LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?

LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1

\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1

\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless

Assistant.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1164769115\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common

Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe"

/hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common

Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US

ee://aol/imApp
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe

Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0

\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11

\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4

\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %

windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) -

https://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!

\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -

http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdat.../muweb_site.cab?

1151039271375
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -

https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) -

http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.globosoft.info/globobar.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) -

https://fortunelounge.microgaming.com/generic/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -

http://driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1

\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common

Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-

Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32

\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common

files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common

Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. -

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1

\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1

\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1

\INTERN~1\tmproxy.exe

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 17 May 2007 - 04:49 AM

The current formatting of your log makes it difficult to read/evaluate.
Open 'Notepad',click on 'Format' at the top,then uncheck 'Word Wrap' if it's checked.

Then post a new Hijackthis log please.
Posted Image
Posted Image

#5 spongebry

spongebry
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 17 May 2007 - 01:55 PM

Here are all the reports with word wrap off. Hope this helps better.


MsnVirRem Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to msnvirremOLD.log

Fix running from: C:\Documents and Settings\spongebry\Desktop
5/16/2007
11:31:12 PM

---Infection Files Found---
C:\Documents and Settings\spongebry\Start Menu\Programs\Startup\csrss.lnk

Rebooting...
Fixing Registry Permissions...
Editing Registry...
Fixing Host File...
**Fix Complete!**

--------------------------------------------------------------------------------
Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdlhw.exe"

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"Reminder"="C:\\Windows\\CREATOR\\Remind_XP.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1164769115\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"LVCOMSX"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\LVComSX.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"csrss"=""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"csrss"=""
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
---------------------------------------------------------------------------------------

SDFix: Version 1.84

Run by spongebry - Thu 05/17/2007 - 1:05:08.34

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX
COM+ Messages

ImagePath:
"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282
"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282

Client IP-IPX - Deleted
COM+ Messages - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\unsvchosts.exe - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted



Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Disabled:Earthlink"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Atari\\Civilization III\\Civ3PTW\\Civilization3X.exe"="C:\\Program Files\\Atari\\Civilization III\\Civ3PTW\\Civilization3X.exe:*:Enabled:Civilization3X"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\BearFlix\\bearflix.exe"="C:\\Program Files\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1164769115\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1164769115\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1164769115\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1164769115\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Documents and Settings\\spongebry\\My Documents\\PS2 junk\\flashfxp\\FlashFXP.exe"="C:\\Documents and Settings\\spongebry\\My Documents\\PS2 junk\\flashfxp\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Documents and Settings\\spongebry\\My Documents\\PS2 junk\\flashfxp\\FlashFXP.exe"="C:\\Documents and Settings\\spongebry\\My Documents\\PS2 junk\\flashfxp\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\spongebry\My Documents\20th & Gowin\www.twentiethandgowin.com\Thumbs.db
C:\Documents and Settings\spongebry\SendTo\WLM - spongebry@hotmail.com\banana_anna75@hotmail.com.lnk
C:\Documents and Settings\spongebry\SendTo\WLM - spongebry@hotmail.com\Desktop.ini
C:\Documents and Settings\spongebry\SendTo\WLM - spongebry@hotmail.com\sk8rgrl167@hotmail.com.lnk
C:\Documents and Settings\spongebry\SendTo\WLM - spongebry@hotmail.com\uuu222333@hotmail.com.lnk
C:\Documents and Settings\spongebry\SendTo\WLM - spongebry@hotmail.com\votava_tasha88@hotmail.com.lnk
C:\Program Files\Ipswitch\WS_FTP Home\wsftpgui.exe-CommandBars
C:\Documents and Settings\spongebry\My Documents\spongebry's documents\~WRL0003.tmp

Finished
------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 2:52:40 AM, on 5/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\AOL\1164769115\ee\AOLSoftware.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\spongebry\Desktop\hijack\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1164769115\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151039271375
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.globosoft.info/globobar.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 17 May 2007 - 02:38 PM

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab,and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan,download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed,do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen,under 'How to act?',then under 'Set default action for detected malware to:', click on 'Recommended actions',then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware,don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.globosoft.info/globobar.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab


Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient,it takes a while for the scan to finish.

Once the scan is complete,do the following.
If AVG Anti-Spyware detected any infected objects:,click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.
Posted Image
Posted Image

#7 spongebry

spongebry
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 19 May 2007 - 01:41 AM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:58:58 AM 5/18/2007

+ Scan result:



C:\Program Files\BearShare\BearShareZangoInstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-3769626710-3017242760-3309119716-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{202A961F-23AE-42B1-9505-FFE3C818D717} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\spongebry\My Documents\spongebry's programs\Nero 7.0.1.2 Ultra Edition with Keygen - English.zip/Nero 7 Keygen from Paradox/Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\nwlnknt.sys -> Not-A-Virus.Monitor.Win32.EliteKeylogger.30 : Cleaned with backup (quarantined).
C:\Documents and Settings\spongebry\Cookies\spongebry@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.135:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.897:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@boostmobile.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@canadapost.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@netgear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@snagajob.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@adc.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@freemusicconnection.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.776:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.777:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.184:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.10:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.183:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.8:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.480:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.39:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.40:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.41:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.43:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.98:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wakoqjcpebp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wbkispcjkap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wbkyuocjieo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wbliuldzwbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wfk4uhcpceo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wfkykjd5acp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wfliahajggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wgmiepdzsfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjk4gpdjmeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjkoqkd5clp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjkygoc5ceq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjkyooajcaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjloqiajgkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjlosoazsep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjlyqmazmhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjmiahczsbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjmismd5wco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjmychd5ofo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjmyolazwhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjny-1mczah.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@e-2dj6wjnycgcpcao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.123:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.124:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.125:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.126:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@hit.gemius[1].txt -> TrackingCookie.Gemius : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@ehg-ati.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@ehg-findlaw.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@ehg-melbourneit.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.188:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.189:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@info[1].txt -> TrackingCookie.Info : Cleaned.
:mozilla.796:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned.
:mozilla.788:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.789:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.790:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@search.live[2].txt -> TrackingCookie.Live : Cleaned.
:mozilla.799:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.800:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.801:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.816:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.827:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.828:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@sec1.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@server.lon.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.133:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.810:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.811:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.812:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.72:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.911:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.938:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.311:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.862:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.894:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.200:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.201:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.157:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.158:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.682:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.718:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.719:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.723:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.724:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.73:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.74:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.75:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.76:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.77:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.78:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.829:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.830:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.831:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.833:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.834:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.660:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.722:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.731:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.755:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.648:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.736:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.737:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.738:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.580:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.586:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.146:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.147:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.148:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.149:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.150:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.151:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.152:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.127:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.128:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@clickthrough.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.117:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.118:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.119:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.175:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.176:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.177:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.178:C:\Documents and Settings\spongebry\Application Data\Mozilla\Firefox\Profiles\ehboo5l9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\spongebry\Cookies\spongebry@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end






Logfile of HijackThis v1.99.1
Scan saved at 1:36:50 AM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common Files\AOL\1164769115\ee\AOLSoftware.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\spongebry\Desktop\Other Things\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1164769115\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151039271375
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 19 May 2007 - 01:54 AM

You're log is clean,hows your pc running now.
Posted Image
Posted Image

#9 spongebry

spongebry
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 20 May 2007 - 10:13 PM

Well it is kinda fine now. Firefox has now rid itself of the www.virushelpzone.com homepage, and I can finally set it to Google or whatever. IE7 now accepts Google as my homepage as well. There are still a couple minor bugs and tweaks, as to why my USB ports suddenly decide to rebel against me while working everyday previous to that incident, but that fix will have to wait until a later time, like when I've become 50 points smarter in the computer realm. :D

So far everything is fine and I am glad that you were able to help me out, even with all my massive amounts of syntax and data I had to send to you. Thanks a BUNNNNNNNNNNNNCH!!!

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 21 May 2007 - 01:58 AM

Your log is clean :thumbsup:
If all's ok,please do the following:

You can now delete all the tools we've used,you're done with those now.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear,click on Ok.
The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.
At the bottom in the 'System Restore' window,click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users