Some Kind Of Replicating Virus, Trojan, Worm?


  • This topic is locked
24 replies to this topic

#1 kguilfoy

kguilfoy

  • Members
  • 12 posts

Posted 24 May 2007 - 10:36 PM

I received an email from Comcast saying that my computer was sending out spam emails. Daughter clicked on a link from AIM a few weeks ago. Pretty sure that is where it came from.
I have run the following programs:
Spybot S&D
Ad-Aware
Stinger
StopZilla
McAfee virus scan

Still have a new executable file show up in my C:\WINDOWS\SYSTEM32 folder every time I restart the computer.

Logfile of HijackThis v1.99.1
Scan saved at 11:25:40 PM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Debug\secsrv.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5a39879e-fac6-42dd-b637-7da9ac352e42} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [qqlfhi] C:\WINDOWS\system32\qqlfhi.exe
O4 - HKLM\..\Run: [ir] C:\WINDOWS\system32\ir.exe
O4 - HKLM\..\Run: [xogmkxlz] C:\WINDOWS\system32\xogmkxlz.exe
O4 - HKLM\..\Run: [xdrqigm] C:\WINDOWS\system32\xdrqigm.exe
O4 - HKLM\..\Run: [xgvlacksxsj] C:\WINDOWS\system32\xgvlacksxsj.exe
O4 - HKLM\..\Run: [pfel] C:\WINDOWS\system32\pfel.exe
O4 - HKLM\..\Run: [gemvctqwu] C:\WINDOWS\system32\gemvctqwu.exe
O4 - HKLM\..\Run: [lpasfnyfxem] C:\WINDOWS\system32\lpasfnyfxem.exe
O4 - HKLM\..\Run: [unl] C:\WINDOWS\system32\unl.exe
O4 - HKLM\..\Run: [aqxuyxmt] C:\WINDOWS\system32\aqxuyxmt.exe
O4 - HKLM\..\Run: [wrphxqe] C:\WINDOWS\system32\wrphxqe.exe
O4 - HKLM\..\Run: [fqdjt] C:\WINDOWS\system32\fqdjt.exe
O4 - HKLM\..\Run: [sftbggw] C:\WINDOWS\system32\sftbggw.exe
O4 - HKLM\..\RunServices: [wrphxqe] C:\WINDOWS\system32\wrphxqe.exe
O4 - HKLM\..\RunServices: [fqdjt] C:\WINDOWS\system32\fqdjt.exe
O4 - HKLM\..\RunServices: [sftbggw] C:\WINDOWS\system32\sftbggw.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: Open Client to Monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to Monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .morningstarfarms[1]: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/026dcdc5f6458f5bc515/netzip/RdxIE2.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/...ll/MFImgVwr.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab37625.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - http://download.newaol.com/bkpromo/downloa...formerSetup.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Provides secure connections to internet and LAN computers. (Security Encryption Server) - Unknown owner - C:\WINDOWS\Debug\secsrv.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Print Spooler Service (y3rjped3) - Unknown owner - C:\WINDOWS\system32\gqyikxh.exe



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 25 May 2007 - 04:12 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, kguilfoy.

Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".
This will change from what we know in 2006; read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

Viewpoint
Viewpoint Manager
Viewpoint Media Player


Then restart your pc.

**************************

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.
* Also post a new HijackThis log please.

#3 kguilfoy

kguilfoy
  • Topic Starter

  • Members
  • 12 posts

Posted 25 May 2007 - 06:26 PM

Hi Richie, thanks for responding so quickly. I have followed your directions and here are the 2 reports you requested.


SDFix: Version 1.85

Run by Owner - Fri 05/25/2007 - 18:06:51.29

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
y3rjped3

ImagePath:
C:\WINDOWS\system32\witgpq.exe /service

y3rjped3 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"="C:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe:*:Enabled:Netscape"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

Remaining Files:
---------------


Checking For Files with Hidden Attributes:

C:\Documents and Settings\Owner\NetHood\filetransfer on www.bestenroll.com\Desktop.ini
C:\Documents and Settings\Owner\NetHood\upload.comcast.net\Desktop.ini
C:\Documents and Settings\Owner\NetHood\zg.bfgservers.com\Desktop.ini
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\WINDOWS\Debug\secsrv.exe
C:\3vzjawja.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Office\Shortcut Bar\Off5F6.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0042.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\~WRL0549.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\~WRL1188.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\~WRL1266.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\~WRL2633.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\~WRL3474.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL0003.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL0005.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL0474.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL0992.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL2570.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL3062.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL3466.tmp
C:\~QTWTMP.TMP\QTINSTAL.GID

Finished



Logfile of HijackThis v1.99.1
Scan saved at 7:19:55 PM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Debug\secsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\notepad.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5a39879e-fac6-42dd-b637-7da9ac352e42} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [qqlfhi] C:\WINDOWS\system32\qqlfhi.exe
O4 - HKLM\..\Run: [ir] C:\WINDOWS\system32\ir.exe
O4 - HKLM\..\Run: [xogmkxlz] C:\WINDOWS\system32\xogmkxlz.exe
O4 - HKLM\..\Run: [xdrqigm] C:\WINDOWS\system32\xdrqigm.exe
O4 - HKLM\..\Run: [xgvlacksxsj] C:\WINDOWS\system32\xgvlacksxsj.exe
O4 - HKLM\..\Run: [pfel] C:\WINDOWS\system32\pfel.exe
O4 - HKLM\..\Run: [gemvctqwu] C:\WINDOWS\system32\gemvctqwu.exe
O4 - HKLM\..\Run: [lpasfnyfxem] C:\WINDOWS\system32\lpasfnyfxem.exe
O4 - HKLM\..\Run: [unl] C:\WINDOWS\system32\unl.exe
O4 - HKLM\..\Run: [aqxuyxmt] C:\WINDOWS\system32\aqxuyxmt.exe
O4 - HKLM\..\Run: [wrphxqe] C:\WINDOWS\system32\wrphxqe.exe
O4 - HKLM\..\Run: [fqdjt] C:\WINDOWS\system32\fqdjt.exe
O4 - HKLM\..\Run: [sftbggw] C:\WINDOWS\system32\sftbggw.exe
O4 - HKLM\..\RunServices: [wrphxqe] C:\WINDOWS\system32\wrphxqe.exe
O4 - HKLM\..\RunServices: [fqdjt] C:\WINDOWS\system32\fqdjt.exe
O4 - HKLM\..\RunServices: [sftbggw] C:\WINDOWS\system32\sftbggw.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: Open Client to Monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to Monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .morningstarfarms[1]: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/026dcdc5f6458f5bc515/netzip/RdxIE2.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/...ll/MFImgVwr.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab37625.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - http://download.newaol.com/bkpromo/downloa...formerSetup.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Provides secure connections to internet and LAN computers. (Security Encryption Server) - Unknown owner - C:\WINDOWS\Debug\secsrv.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:09:23 PM

Posted 25 May 2007 - 11:28 PM

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\qqlfhi.exe
C:\WINDOWS\system32\xogmkxlz.exe
C:\WINDOWS\system32\xdrqigm.exe
C:\WINDOWS\system32\xgvlacksxsj.exe
C:\WINDOWS\system32\pfel.exe
C:\WINDOWS\system32\gemvctqwu.exe
C:\WINDOWS\system32\lpasfnyfxem.exe
C:\WINDOWS\system32\unl.exe
C:\WINDOWS\system32\aqxuyxmt.exe
C:\WINDOWS\system32\wrphxqe.exe
C:\WINDOWS\system32\fqdjt.exe
C:\WINDOWS\system32\sftbggw.exe
C:\WINDOWS\system32\wrphxqe.exe
C:\WINDOWS\system32\fqdjt.exe
C:\WINDOWS\system32\sftbggw.exe
C:\WINDOWS\system32\ir.exe


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

*****************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have HijackThis fix the following [if still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
O2 - BHO: (no name) - {5a39879e-fac6-42dd-b637-7da9ac352e42} - (no file)
O4 - HKLM\..\Run: [qqlfhi] C:\WINDOWS\system32\qqlfhi.exe
O4 - HKLM\..\Run: [ir] C:\WINDOWS\system32\ir.exe
O4 - HKLM\..\Run: [xogmkxlz] C:\WINDOWS\system32\xogmkxlz.exe
O4 - HKLM\..\Run: [xdrqigm] C:\WINDOWS\system32\xdrqigm.exe
O4 - HKLM\..\Run: [xgvlacksxsj] C:\WINDOWS\system32\xgvlacksxsj.exe
O4 - HKLM\..\Run: [pfel] C:\WINDOWS\system32\pfel.exe
O4 - HKLM\..\Run: [gemvctqwu] C:\WINDOWS\system32\gemvctqwu.exe
O4 - HKLM\..\Run: [lpasfnyfxem] C:\WINDOWS\system32\lpasfnyfxem.exe
O4 - HKLM\..\Run: [unl] C:\WINDOWS\system32\unl.exe
O4 - HKLM\..\Run: [aqxuyxmt] C:\WINDOWS\system32\aqxuyxmt.exe
O4 - HKLM\..\Run: [wrphxqe] C:\WINDOWS\system32\wrphxqe.exe
O4 - HKLM\..\Run: [fqdjt] C:\WINDOWS\system32\fqdjt.exe
O4 - HKLM\..\Run: [sftbggw] C:\WINDOWS\system32\sftbggw.exe
O4 - HKLM\..\RunServices: [wrphxqe] C:\WINDOWS\system32\wrphxqe.exe
O4 - HKLM\..\RunServices: [fqdjt] C:\WINDOWS\system32\fqdjt.exe
O4 - HKLM\..\RunServices: [sftbggw] C:\WINDOWS\system32\sftbggw.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe


Exit HijackThis.

Still in Safe Mode, launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

******************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

Post the AVG Anti-Spyware report, the BitDefender Online Scanner log, and a new HijackThis log into your next reply.
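A triage sketch for the O4 autorun entries in the fix list above, added here as an example; it is not part of the original post and not code from HijackThis or OTMoveIt. It parses `O4` lines, de-duplicates targets that are registered under both `Run` and `RunServices`, and flags entries whose value name equals the file stem of an executable sitting directly in `system32`. That rule is an assumption drawn from the pattern visible in this log, a shortlist for review rather than a verdict, and the two `Example...` lines are constructed.

```python
import ntpath
import re
from collections import OrderedDict

# O4 lines taken from the fix list in the post above.
PAGE_LINES = r"""
O4 - HKLM\..\Run: [qqlfhi] C:\WINDOWS\system32\qqlfhi.exe
O4 - HKLM\..\Run: [ir] C:\WINDOWS\system32\ir.exe
O4 - HKLM\..\Run: [xogmkxlz] C:\WINDOWS\system32\xogmkxlz.exe
O4 - HKLM\..\Run: [xdrqigm] C:\WINDOWS\system32\xdrqigm.exe
O4 - HKLM\..\Run: [xgvlacksxsj] C:\WINDOWS\system32\xgvlacksxsj.exe
O4 - HKLM\..\Run: [pfel] C:\WINDOWS\system32\pfel.exe
O4 - HKLM\..\Run: [gemvctqwu] C:\WINDOWS\system32\gemvctqwu.exe
O4 - HKLM\..\Run: [lpasfnyfxem] C:\WINDOWS\system32\lpasfnyfxem.exe
O4 - HKLM\..\Run: [unl] C:\WINDOWS\system32\unl.exe
O4 - HKLM\..\Run: [aqxuyxmt] C:\WINDOWS\system32\aqxuyxmt.exe
O4 - HKLM\..\Run: [wrphxqe] C:\WINDOWS\system32\wrphxqe.exe
O4 - HKLM\..\Run: [fqdjt] C:\WINDOWS\system32\fqdjt.exe
O4 - HKLM\..\Run: [sftbggw] C:\WINDOWS\system32\sftbggw.exe
O4 - HKLM\..\RunServices: [wrphxqe] C:\WINDOWS\system32\wrphxqe.exe
O4 - HKLM\..\RunServices: [fqdjt] C:\WINDOWS\system32\fqdjt.exe
O4 - HKLM\..\RunServices: [sftbggw] C:\WINDOWS\system32\sftbggw.exe
"""

# Constructed entries (not from the page) that the filter should leave alone.
CONSTRUCTED_LINES = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
O4 - HKLM\..\Run: [ExampleHelper] C:\WINDOWS\system32\exhelper.exe
"""

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINES

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable path at the start of the command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)

SYSTEM32 = r"c:\windows\system32"


def parse_o4(log_text):
    """Return (registry_key, value_name, exe_path) for each O4 registry line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m.group("cmd"))
        if not exe:
            continue  # not an .exe target (e.g. rundll32 argument only)
        key = "{}\\{}".format(m.group("hive"), m.group("key"))
        entries.append((key, m.group("name"), exe.group("path")))
    return entries


def triage(log_text):
    """List (exe_path, [registry keys]) for entries matching the heuristic.

    Heuristic (assumption): file lives directly in system32 and the autorun
    value name is identical to the file name without its extension.
    """
    hits = OrderedDict()
    for key, name, path in parse_o4(log_text):
        stem = ntpath.splitext(ntpath.basename(path))[0]
        in_system32 = ntpath.dirname(path).lower() == SYSTEM32
        if in_system32 and stem.lower() == name.lower():
            # Key on the lowercased path so Run/RunServices duplicates merge.
            slot = hits.setdefault(path.lower(), (path, []))
            if key not in slot[1]:
                slot[1].append(key)
    return list(hits.values())


if __name__ == "__main__":
    for path, keys in triage(SAMPLE_LOG):
        print("{:<45} {}".format(path, ", ".join(keys)))
```

Each unique path appears once with every key that launches it, which makes it easy to confirm that no autorun entry is left pointing at a file after it has been moved.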

#5 kguilfoy

kguilfoy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:03:23 PM

Posted 26 May 2007 - 01:16 PM

I did most of what was asked. The BitDefender online scanner did not work for me even though I told IE to download the ActiveX control. So I have the HijackThis log and the AVG Anti-Spyware report to post. Oh, and McAfee finally found a virus and removed it.

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:42:54 PM 5/26/2007

+ Scan result:



:mozilla.114:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.693:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\6mafgcik\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\6mafgcik\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.355:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.403:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.458:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.593:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.606:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.687:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.707:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.737:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.750:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.782:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.803:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.818:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.874:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.880:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@incisivemedia.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@smartmoney.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.328:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.329:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.330:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.584:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.682:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.683:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.684:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\6mafgcik\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.127:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.369:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.370:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.371:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.372:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.373:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\6mafgcik\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\6mafgcik\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\6mafgcik\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\6mafgcik\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.859:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.418:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.464:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.465:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.466:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.257:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.575:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.576:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.462:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.691:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.692:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.490:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.491:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\6mafgcik\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.571:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.572:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.573:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.574:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.718:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.719:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.367:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.229:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\6mafgcik\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.739:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.740:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.270:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.271:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.272:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.273:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.473:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.647:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.701:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.747:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.769:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.784:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.785:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.830:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.832:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.421:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.422:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.522:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.263:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.264:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.398:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.399:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.400:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.605:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.607:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.240:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.241:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.242:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.239:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.706:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.856:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.689:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.864:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.520:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.521:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.255:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.256:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.210:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.211:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.233:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.234:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.235:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.236:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.237:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.238:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.711:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.337:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.339:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.340:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.341:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.342:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.343:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.344:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.345:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.346:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.128:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.129:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.252:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.253:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.254:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.728:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.861:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.274:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.790:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\b9now2oo\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\z4r1c0m2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\xxcphrzf\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7U6JBYW\three[1].exe -> Trojan.Agent.ame : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 2:08:48 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Debug\secsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Open Client to Monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to Monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .morningstarfarms[1]: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/026dcdc5f6458f5bc515/netzip/RdxIE2.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/...ll/MFImgVwr.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab37625.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - http://download.newaol.com/bkpromo/downloa...formerSetup.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Provides secure connections to internet and LAN computers. (Security Encryption Server) - Unknown owner - C:\WINDOWS\Debug\secsrv.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

#6 RichieUK


Posted 26 May 2007 - 02:32 PM

Download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Also post a new HijackThis log please.
Let me know how your pc is running now please.


#7 kguilfoy


Posted 27 May 2007 - 09:04 AM

The Dr Web messed up my McAfee, but I got the files back into the folders they belong. Computer seems to be good now. Not noticing any problems, but it amazes me that every time I run another scan, more files are found. Hopefully, we have taken care of everything. Here are my logs:

Dr.Web csv file:
mps.exe;c:\program files\mcafee\mps;Probably BACKDOOR.Trojan;Incurable.Moved.;
mcupdmgr.exe;c:\program files\mcafee\msc;Probably DLOADER.Trojan;Incurable.Moved.;
license[1].rt;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CZRLM30P;Trojan.Spambot;Deleted.;
en_ca-IE.reg;C:\hp\REGION;Trojan.StartPage.1505;Deleted.;
WxBug.EXE;C:\Program Files\AIM95\Sysfiles;Adware.Aws;Incurable.Moved.;
rebootnt.exe;C:\Program Files\HPSelect\frontend\thirdparty\qt5;Tool.Reboot;Incurable.Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
uinst_cp.exe;C:\WINDOWS\SYSTEM32;Adware.CasProg;Incurable.Moved.;



Logfile of HijackThis v1.99.1
Scan saved at 9:53:17 AM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Debug\secsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hphmon04.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Open Client to Monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to Monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .morningstarfarms[1]: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/026dcdc5f6458f5bc515/netzip/RdxIE2.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/...ll/MFImgVwr.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab37625.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - http://download.newaol.com/bkpromo/downloa...formerSetup.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Provides secure connections to internet and LAN computers. (Security Encryption Server) - Unknown owner - C:\WINDOWS\Debug\secsrv.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
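A triage helper for the HijackThis logs posted in this thread, as an added example that is not part of any post or of HijackThis itself: it compares the running-process lists of two logs and lists the O23 service entries that HijackThis marks "Unknown owner" or "(file missing)". The two sample logs are short excerpts constructed from the 26 May and 27 May logs above, and all function names are hypothetical.

```python
import re

# Constructed samples: a few lines excerpted from the 26 May and 27 May logs in this thread.
LOG_26_MAY = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:08:48 PM, on 5/26/2007

Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Debug\secsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Provides secure connections to internet and LAN computers. (Security Encryption Server) - Unknown owner - C:\WINDOWS\Debug\secsrv.exe
"""

LOG_27_MAY = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:53:17 AM, on 5/27/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Debug\secsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\wuauclt.exe

O23 - Service: Provides secure connections to internet and LAN computers. (Security Encryption Server) - Unknown owner - C:\WINDOWS\Debug\secsrv.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")      # e.g. "O23 - Service: ..."
PATH_START = re.compile(r" - (?=[A-Za-z]:\\)")      # separator right before a drive path


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and coded entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False            # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return {"processes": processes, "entries": entries}


def parse_service(body):
    """Parse the text after 'O23 - ' into name, owner, path and a missing flag."""
    if not body.startswith("Service: "):
        return None
    body = body[len("Service: "):]
    missing = body.endswith(" (file missing)")
    if missing:
        body = body[: -len(" (file missing)")]
    m = PATH_START.search(body)         # split at the path, since names may contain " - "
    if not m:
        return None
    head, path = body[: m.start()], body[m.end():]
    name, _, owner = head.rpartition(" - ")
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def services_for_review(log):
    """O23 services with no recorded owner or whose file is missing."""
    flagged = []
    for code, body in log["entries"]:
        svc = parse_service(body) if code == "O23" else None
        if svc and (svc["owner"] == "Unknown owner" or svc["missing"]):
            flagged.append(svc)
    return flagged


def process_changes(old, new):
    """Return (appeared, disappeared) process paths, compared case-insensitively.

    8.3 short names such as PROGRA~1 are not expanded, so one file listed under
    both its long and short path would be reported as two different processes.
    """
    before = {p.lower() for p in old["processes"]}
    after = {p.lower() for p in new["processes"]}
    return sorted(after - before), sorted(before - after)


if __name__ == "__main__":
    old, new = parse_hjt(LOG_26_MAY), parse_hjt(LOG_27_MAY)
    appeared, disappeared = process_changes(old, new)
    print("Appeared:", *appeared, sep="\n  ")
    print("Disappeared:", *disappeared, sep="\n  ")
    for svc in services_for_review(old):
        note = "file missing" if svc["missing"] else svc["owner"]
        print(f"Review: {svc['path']} ({note})")
```

An entry listed by `services_for_review` is a prompt to identify the file, not a verdict on it.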

#8 RichieUK


Posted 27 May 2007 - 09:20 AM

Your log is clean :thumbsup:
If all's ok, please do the following:

Find and delete:
SDFix.exe
OTMoveIt by OldTimer

c:\SDFix
c:\OTMoveIt

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u1'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

#9 kguilfoy


Posted 27 May 2007 - 01:52 PM

:thumbsup: Thanks so much Richie. You have been very helpful. So glad that I could finally get this computer cleaned up. I will follow your advice and download the latest Java Runtime environment.

#10 RichieUK


Posted 27 May 2007 - 02:31 PM

*Topic reopened at the request of kguilfoy*.

Edited by RichieUK, 03 June 2007 - 06:53 PM.


#11 RichieUK


Posted 03 June 2007 - 06:54 PM

What exactly is the problem? Post a new HijackThis log in your next reply.

#12 kguilfoy


Posted 04 June 2007 - 06:12 PM

The problem is that every time the computer is restarted or comes out of sleep mode a new exe is created in the C:\WINDOWS\SYSTEM32 folder. McAfee pops up a message about the executables trying to access the internet, but does nothing to remove the problem. As you can see from the HJT log there are about 4 or 5 of them there now.



Logfile of HijackThis v1.99.1
Scan saved at 7:08:00 PM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Debug\secsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\zgbp.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [l] C:\WINDOWS\system32\l.exe
O4 - HKLM\..\Run: [ypltouxtkqun] C:\WINDOWS\system32\ypltouxtkqun.exe
O4 - HKLM\..\Run: [qvuvo] C:\WINDOWS\system32\qvuvo.exe
O4 - HKLM\..\Run: [zaeg] C:\WINDOWS\system32\zaeg.exe
O4 - HKLM\..\RunServices: [l] C:\WINDOWS\system32\l.exe
O4 - HKLM\..\RunServices: [ypltouxtkqun] C:\WINDOWS\system32\ypltouxtkqun.exe
O4 - HKLM\..\RunServices: [qvuvo] C:\WINDOWS\system32\qvuvo.exe
O4 - HKLM\..\RunServices: [zaeg] C:\WINDOWS\system32\zaeg.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Open Client to Monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to Monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .morningstarfarms[1]: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/026dcdc5f6458f5bc515/netzip/RdxIE2.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/...ll/MFImgVwr.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab37625.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - http://download.newaol.com/bkpromo/downloa...formerSetup.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://proxy17.usi.biz/dwa7W.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Provides secure connections to internet and LAN computers. (Security Encryption Server) - Unknown owner - C:\WINDOWS\Debug\secsrv.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Print Spooler Service (y3rjped3) - Unknown owner - C:\WINDOWS\system32\zaeg.exe

#13 RichieUK


Posted 05 June 2007 - 06:40 AM

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.
* Also post a new Hijackthis log please.


#14 kguilfoy


Posted 05 June 2007 - 05:36 PM

SDFix: Version 1.85

Run by Owner - Tue 06/05/2007 - 8:16:18.21

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
y3rjped3

ImagePath:
C:\WINDOWS\system32\zaeg.exe /service

y3rjped3 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service y3rjped3 - Deleted after Reboot

Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"="C:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe:*:Enabled:Netscape"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

Remaining Files:
---------------


Checking For Files with Hidden Attributes:

C:\Documents and Settings\Owner\NetHood\filetransfer on www.bestenroll.com\Desktop.ini
C:\Documents and Settings\Owner\NetHood\upload.comcast.net\Desktop.ini
C:\Documents and Settings\Owner\NetHood\zg.bfgservers.com\Desktop.ini
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\WINDOWS\Debug\secsrv.exe
C:\3vzjawja.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Office\Shortcut Bar\Off5F6.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0042.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\~WRL0549.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\~WRL1188.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\~WRL1266.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\~WRL2633.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\~WRL3474.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL0003.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL0005.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL0474.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL0992.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL2570.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL3062.tmp
C:\Documents and Settings\Owner\My Documents\Cindy's Files\PaintJOBS\~WRL3466.tmp
C:\~QTWTMP.TMP\QTINSTAL.GID

Finished


Logfile of HijackThis v1.99.1
Scan saved at 6:33:09 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Debug\secsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\gjvcomhhkyw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\notepad.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [l] C:\WINDOWS\system32\l.exe
O4 - HKLM\..\Run: [ypltouxtkqun] C:\WINDOWS\system32\ypltouxtkqun.exe
O4 - HKLM\..\Run: [qvuvo] C:\WINDOWS\system32\qvuvo.exe
O4 - HKLM\..\Run: [zaeg] C:\WINDOWS\system32\zaeg.exe
O4 - HKLM\..\Run: [gjvcomhhkyw] C:\WINDOWS\system32\gjvcomhhkyw.exe
O4 - HKLM\..\RunServices: [l] C:\WINDOWS\system32\l.exe
O4 - HKLM\..\RunServices: [ypltouxtkqun] C:\WINDOWS\system32\ypltouxtkqun.exe
O4 - HKLM\..\RunServices: [qvuvo] C:\WINDOWS\system32\qvuvo.exe
O4 - HKLM\..\RunServices: [zaeg] C:\WINDOWS\system32\zaeg.exe
O4 - HKLM\..\RunServices: [gjvcomhhkyw] C:\WINDOWS\system32\gjvcomhhkyw.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Open Client to Monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to Monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .morningstarfarms[1]: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/026dcdc5f6458f5bc515/netzip/RdxIE2.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/...ll/MFImgVwr.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab37625.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - http://download.newaol.com/bkpromo/downloa...formerSetup.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://proxy17.usi.biz/dwa7W.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Provides secure connections to internet and LAN computers. (Security Encryption Server) - Unknown owner - C:\WINDOWS\Debug\secsrv.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Print Spooler Service (y3rjped3) - Unknown owner - C:\WINDOWS\system32\lowoud.exe

#15 RichieUK


Posted 05 June 2007 - 06:03 PM

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
Print Spooler Service (y3rjped3)
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button.
Then change the 'Startup Type:' to 'Disabled'.
Now press Apply and then Ok and close any open windows.

********************

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\3vzjawja.sys
C:\WINDOWS\system32\l.exe
C:\WINDOWS\system32\gjvcomhhkyw.exe
C:\WINDOWS\system32\ypltouxtkqun.exe
C:\WINDOWS\system32\qvuvo.exe
C:\WINDOWS\system32\zaeg.exe
C:\WINDOWS\system32\lowoud.exe

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.

********************

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [l] C:\WINDOWS\system32\l.exe
O4 - HKLM\..\Run: [ypltouxtkqun] C:\WINDOWS\system32\ypltouxtkqun.exe
O4 - HKLM\..\Run: [qvuvo] C:\WINDOWS\system32\qvuvo.exe
O4 - HKLM\..\Run: [zaeg] C:\WINDOWS\system32\zaeg.exe
O4 - HKLM\..\Run: [gjvcomhhkyw] C:\WINDOWS\system32\gjvcomhhkyw.exe
O4 - HKLM\..\RunServices: [l] C:\WINDOWS\system32\l.exe
O4 - HKLM\..\RunServices: [ypltouxtkqun] C:\WINDOWS\system32\ypltouxtkqun.exe
O4 - HKLM\..\RunServices: [qvuvo] C:\WINDOWS\system32\qvuvo.exe
O4 - HKLM\..\RunServices: [zaeg] C:\WINDOWS\system32\zaeg.exe
O4 - HKLM\..\RunServices: [gjvcomhhkyw] C:\WINDOWS\system32\gjvcomhhkyw.exe
O23 - Service: Print Spooler Service (y3rjped3) - Unknown owner - C:\WINDOWS\system32\lowoud.exe

Exit Hijackthis.

********************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the activex control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

Restart your pc.
Post the BitDefender Online Scanner log, and a new Hijackthis log into your next reply.

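An added example, not part of the original thread and not code from HijackThis or SDFix: a Python sketch that parses the O4 (autostart) and O23 (service) lines of two HijackThis logs and reports what appeared or changed between scans, which is how the new Run entry and the re-pointed y3rjped3 service stand out in the logs above. The sample lines are a short excerpt copied from those two logs; the function and variable names are hypothetical.

```python
import re

# O4 - HKLM\..\Run: [name] command line
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\([A-Za-z]+): \[([^\]]+)\] (.+)$")
# O23 - Service: Display name (shortname) - Owner - X:\path\to\binary
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+) - ([A-Za-z]:\\.*)$")
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)$")

# Excerpt of the earlier log in this thread (before SDFix was run).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zaeg] C:\WINDOWS\system32\zaeg.exe
O4 - HKLM\..\RunServices: [zaeg] C:\WINDOWS\system32\zaeg.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (y3rjped3) - Unknown owner - C:\WINDOWS\system32\zaeg.exe
"""

# Excerpt of the log saved on 6/5/2007, after SDFix and a reboot.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zaeg] C:\WINDOWS\system32\zaeg.exe
O4 - HKLM\..\Run: [gjvcomhhkyw] C:\WINDOWS\system32\gjvcomhhkyw.exe
O4 - HKLM\..\RunServices: [zaeg] C:\WINDOWS\system32\zaeg.exe
O4 - HKLM\..\RunServices: [gjvcomhhkyw] C:\WINDOWS\system32\gjvcomhhkyw.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (y3rjped3) - Unknown owner - C:\WINDOWS\system32\lowoud.exe
"""


def normalize(target):
    """Compare targets case-insensitively and ignore quoting, since the
    same binary can be logged as System32 or system32, quoted or not."""
    return target.replace('"', "").strip().lower()


def parse_autostarts(log_text):
    """Return {(section, location, name): target} for O4 registry Run
    entries and O23 services. Other lines (including O4 'Global Startup'
    shortcuts) are skipped."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, key, name, target = m.groups()
            entries[("O4", hive + "\\" + key, name)] = target
            continue
        m = O23_RE.match(line)
        if m:
            display, _owner, path = m.groups()
            # Prefer the service short name in parentheses as the stable key;
            # the display name is free text and easy to imitate.
            short = SHORT_NAME_RE.search(display)
            name = short.group(1) if short else display
            entries[("O23", "Service", name)] = path
    return entries


def diff_autostarts(before_text, after_text):
    """Report autostart entries that were added, removed, or re-pointed
    at a different binary between two scans."""
    before = parse_autostarts(before_text)
    after = parse_autostarts(after_text)
    added = {k: v for k, v in after.items() if k not in before}
    removed = {k: v for k, v in before.items() if k not in after}
    changed = {
        k: (before[k], after[k])
        for k in before.keys() & after.keys()
        if normalize(before[k]) != normalize(after[k])
    }
    return {"added": added, "removed": removed, "changed": changed}


if __name__ == "__main__":
    report = diff_autostarts(LOG_BEFORE, LOG_AFTER)
    for key, target in sorted(report["added"].items()):
        print("ADDED  ", key, "->", target)
    for key, target in sorted(report["removed"].items()):
        print("REMOVED", key, "->", target)
    for key, (old, new) in sorted(report["changed"].items()):
        print("CHANGED", key, ":", old, "->", new)
```

Keying services on the short name rather than the display name is what makes the y3rjped3 entry show up as one service whose binary changed, instead of as an unrelated removal and addition.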



