HijackThis log


Betsy89
08-04-2007, 07:47 PM
My PC at home is having a load of problems. I have Sierra Online and OuterInfo on it and no matter how many programs I run I can't seem to get any of these programs removed. I realized that I still had HijackThis on my computer so I decided to post it. Any suggestions?

Logfile of HijackThis v1.99.1
Scan saved at 6:44:14 PM, on 8/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TangoManager.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Outerinfo\OuterinfoUpdate.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Kids Cam Sticker Factory\Photags.exe
C:\Program Files\Kids Cam Sticker Factory\Photags.exe
C:\Program Files\Kids Cam Sticker Factory\Photags.exe
C:\Program Files\Kids Cam Sticker Factory\Photags.exe
C:\Program Files\Kids Cam Sticker Factory\Photags.exe
C:\Program Files\Kids Cam Sticker Factory\Photags.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Prestwood Family\Start Menu\Programs\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\xtqtfuvq.dll",forkonce
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aida] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" -vt yazb
O4 - HKCU\..\Run: [Dwvpd] C:\WINDOWS\SYSTEM32\?ymantec\wucrtupd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Qikhyaqt] "C:\Documents and Settings\Prestwood Family\Application Data\??mantec\javaw.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-us.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\qwerty12.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe

Budfred
08-04-2007, 08:15 PM
You apparently never finished cleaning up from the last time you were infected and are not adequately protected... If I am going to help you beyond this post, I need some assurance that you will take this to the end and set up protection to avoid getting infected again...

Meanwhile please do this:

1. Combofix:

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...

If that link doesn't work, use this one:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Then run this scan:

Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield and then [active] to change it to inactive
On the top of the main screen click Update and then Start Update.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".


Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)

* Click Scanner and then the Scan tab
* Click Complete System Scan to begin scanning.

Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your Desktop. (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and Reboot.

And then post back with the logs and a fresh HJT log... Please stay off of the internet as much as possible until this computer is clean and avoid installing any programs other than the ones used to clean up and protect...

Betsy89
08-05-2007, 08:47 PM
ComboFix 07-08-04.3 - "Prestwood Family" 2007-08-05 17:45:44.1 [GMT -4:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\PRESTW~1\APPLIC~1.\asembl~1
C:\DOCUME~1\PRESTW~1\APPLIC~1.\dobe~1
C:\DOCUME~1\PRESTW~1\APPLIC~1.\mantec~1
C:\DOCUME~1\PRESTW~1\APPLIC~1.\mantec~1\javaw.exe
C:\DOCUME~1\PRESTW~1\APPLIC~1.\mbols~1
C:\DOCUME~1\PRESTW~1\APPLIC~1.\racle~1
C:\DOCUME~1\PRESTW~1\APPLIC~1\..\err.log>>d-delA.cf
C:\DOCUME~1\PRESTW~1\APPLIC~1\install.dat
C:\DOCUME~1\PRESTW~1\MYDOCU~1.\ecurit~1
C:\DOCUME~1\PRESTW~1\MYDOCU~1.\fnts~1
C:\DOCUME~1\PRESTW~1\MYDOCU~1.\icroso~1
C:\DOCUME~1\PRESTW~1\MYDOCU~1.\ppatch~1
C:\DOCUME~1\PRESTW~1\MYDOCU~1.\racle~1
C:\DOCUME~1\PRESTW~1\MYDOCU~1.\ymante~1
C:\Program Files\Common Files\{30858~1
C:\Program Files\Common Files\{C0858~1
C:\Program Files\Common Files\{C0858~2
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\dns
C:\Program Files\dns\affid.dat
C:\Program Files\dns\cwebpage.dll
C:\Program Files\dns\uid.dat
C:\Program Files\dns\version.txt
C:\Program Files\dns\x.bmp
C:\Program Files\dobe~1
C:\Program Files\inetget2
C:\Program Files\internet explorer\svchost.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OinUninstall.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\Outerinfo.dll
C:\Program Files\outerinfo\Outerinfo.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\OuterinfoUpdate.exe
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\wnsxs~1
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\Temp\aZ001.exe
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\appatc~1
C:\WINDOWS\rau001978.exe
C:\WINDOWS\retadpu2000219.exe
C:\WINDOWS\system32\argkbabj.dll
C:\WINDOWS\system32\cepumcxg.dll
C:\WINDOWS\system32\cuxiamtu.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\ewkhmsih.dll
C:\WINDOWS\SYSTEM32\ggjlm.bak1
C:\WINDOWS\SYSTEM32\ggjlm.bak2
C:\WINDOWS\SYSTEM32\ggjlm.ini
C:\WINDOWS\SYSTEM32\ggjlm.ini2
C:\WINDOWS\SYSTEM32\ggjlm.tmp
C:\WINDOWS\SYSTEM32\golvkdhr.ini
C:\WINDOWS\SYSTEM32\hismhkwe.ini
C:\WINDOWS\SYSTEM32\hjkmp.ini
C:\WINDOWS\system32\hwmditvx.dll
C:\WINDOWS\SYSTEM32\jbabkgra.ini
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\muehqnhb.dll
C:\WINDOWS\SYSTEM32\nqwcugip.ini
C:\WINDOWS\system32\nxoyvwya.dll
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\obxysufq.dll
C:\WINDOWS\system32\pigucwqn.dll
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\SYSTEM32\qfusyxbo.ini
C:\WINDOWS\system32\qkqdqxmq.dll
C:\WINDOWS\SYSTEM32\qmxqdqkq.ini
C:\WINDOWS\system32\rhdkvlog.dll
C:\WINDOWS\system32\rikkgyrn.dll
C:\WINDOWS\system32\S10
C:\WINDOWS\system32\S2
C:\WINDOWS\system32\S3
C:\WINDOWS\system32\S4
C:\WINDOWS\system32\S5
C:\WINDOWS\system32\S9
C:\WINDOWS\system32\tqrjbexa.dll
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wintsvcc32.exe
C:\WINDOWS\system32\wyxxaujc.dll
C:\WINDOWS\system32\xcagsota.dll
C:\WINDOWS\system32\xihrhont.dll
C:\WINDOWS\system32\xtrimxhk.dll
C:\WINDOWS\system32\ymante~1
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\ymsouehu.dll
C:\WINDOWS\system32ghynf.exe
C:\WINDOWS\whcc-giant.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\COM+ Messages
-------\core
-------\DomainService
-------\Net Agent
-------\Windows Overlay Components


((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))


2007-08-05 17:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-05 15:43 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-08-05 15:39 125,504 --a------ C:\WINDOWS\SYSTEM32\xrusuyxi.dll
2007-08-05 11:47 60,928 --a------ C:\WINDOWS\SYSTEM32\gzqzgt.dll
2007-08-04 11:28 125,504 --a------ C:\WINDOWS\SYSTEM32\xtqtfuvq.dll
2007-08-03 11:27 125,504 --a------ C:\WINDOWS\SYSTEM32\bcrfnkwe.dll
2007-08-02 09:49 125,504 --a------ C:\WINDOWS\SYSTEM32\nopjymrx.dll
2007-07-31 22:29 125,504 --a------ C:\WINDOWS\SYSTEM32\umxvqjkq.dll
2007-07-31 22:10 <DIR> d-------- C:\Program Files\Mars
2007-07-31 22:07 118,784 --a------ C:\WINDOWS\SYSTEM32\PTTreeIcons.dll
2007-07-28 15:00 126,016 --a------ C:\WINDOWS\SYSTEM32\eyuqsdqe.dll
2007-07-14 22:52 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-07-11 10:33 796,352 -r-hs---- C:\WINDOWS\smncnpiA.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-31 22:08 --------- d-------- C:\Program Files\Kids Cam Sticker Factory
2007-07-13 18:23 --------- d-------- C:\DOCUME~1\PRESTW~1\APPLIC~1\AdobeUM
2007-06-19 12:24 43 --a------ C:\WINDOWS\Pt.dll
2006-07-26 18:36 0 --a------ C:\DOCUME~1\PRESTW~1\APPLIC~1\internaldb41.dat
2005-02-22 22:40 0 ---h----- C:\Program Files\AppUpdate.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{306B1E89-F441-F99F-1A64-888DB851D7CF}]
C:\WINDOWS\System32\oplzmt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31651CDA-A646-A89B-1864-888DB8518E9F}]
C:\WINDOWS\System32\ycpobc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37611D8F-F644-F999-1264-888DB851D49C}]
C:\WINDOWS\System32\ajozzjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ED3ACBB-4723-1BFF-7A07-3EB60B3DF1C9}]
2007-08-01 09:43 60928 --a------ C:\WINDOWS\System32\gzqzgt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62374B8D-F646-FD90-1864-888DB851D79B}]
C:\WINDOWS\System32\isytjqmw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D351C8E-F146-FBCD-1864-888DB851819B}]
C:\WINDOWS\System32\edrig.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A293BC78-8970-42E2-984B-DF4A67DA1531}]
C:\Program Files\Common Files\hoke83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFE6CB3B-3058-4086-95B0-DCF93CB48A44}]
C:\Program Files\Internet Explorer\lavufa.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\System32\WinNB58.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

Betsy89
08-05-2007, 08:48 PM
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-14 22:50]
"TangoManager"="C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TANGOM~1.EXE" [2003-05-06 17:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-31 23:15]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 16:04]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 09:23]
"Dwvpd"="C:\WINDOWS\SYSTEM32\?ymantec\wucrtupd.exe" []
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-11-15 17:18]
"Qikhyaqt"="C:\Documents and Settings\Prestwood Family\Application Data\??mantec\javaw.exe" []

C:\Documents and Settings\Prestwood Family\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
DESKTOP.INI [2002-09-03 10:00:00]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 03:22:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljif]
pmnljif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\27ES3Fl]
mageftp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS]
C:\Program Files\Common Files\mc-58-12-0000079-d.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jwx2RPJqg]
lprpsspc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lgpthx]
c:\windows\system32\ueheoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
??? ? ? ?????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qsnntc]
C:\WINDOWS\System32\qsnntc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TangoManager]
C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TANGOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcProc"=2 (0x2)

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R3 ENDETECT;ENDETECT;\??\C:\PROGRA~1\EFFICI~1\TANGOM~1\app\ENDETECT.SYS
R3 ENETNT5;Efficient Networks, tango Access PPPoE WAN Miniport;C:\WINDOWS\System32\DRIVERS\enetnt.sys
R3 IntelC51;IntelC51;C:\WINDOWS\System32\DRIVERS\IntelC51.sys
R3 IntelC52;IntelC52;C:\WINDOWS\System32\DRIVERS\IntelC52.sys
R3 IntelC53;IntelC53;C:\WINDOWS\System32\DRIVERS\IntelC53.sys
R3 mohfilt;mohfilt;C:\WINDOWS\System32\DRIVERS\mohfilt.sys
R3 NTSTPL1;NTSTPL1;\??\C:\PROGRA~1\EFFICI~1\TANGOM~1\app\NTSTPL1.SYS
R3 RAWESR;RAWESR;\??\C:\PROGRA~1\EFFICI~1\TANGOM~1\app\RAWESR.SYS
R3 TAPBIND;TAPBIND;\??\C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TAPBIND1.SYS
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S2 G11AV;Digital Camera - PC Camera;C:\WINDOWS\System32\Drivers\G11av.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 hqapyeg.sys;hqapyeg.sys;\??\C:\WINDOWS\System32\hqapyeg.sys
S3 iAimFP0;iAimFP0;C:\WINDOWS\System32\DRIVERS\wADV01nt.sys
S3 iAimFP1;iAimFP1;C:\WINDOWS\System32\DRIVERS\wADV02NT.sys
S3 iAimFP2;iAimFP2;C:\WINDOWS\System32\DRIVERS\wADV05NT.sys
S3 iAimFP3;iAimFP3;C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys
S3 iAimFP4;iAimFP4;C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys
S3 iAimTV0;iAimTV0;C:\WINDOWS\System32\DRIVERS\wATV01nt.sys
S3 iAimTV1;iAimTV1;C:\WINDOWS\System32\DRIVERS\wATV02NT.sys
S3 iAimTV2;iAimTV2;C:\WINDOWS\System32\DRIVERS\wATV03nt.sys
S3 iAimTV3;iAimTV3;C:\WINDOWS\System32\DRIVERS\wATV04nt.sys
S3 iAimTV4;iAimTV4;C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys
S3 L2XPSR;L2XPSR;\??\C:\PROGRA~1\EFFICI~1\TANGOM~1\app\L2XPSR.SYS
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\System32\DRIVERS\mr97310v.sys
S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\System32\DRIVERS\wanatw4.sys


Contents of the 'Scheduled Tasks' folder
2007-08-05 04:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (1) (PRESTWOOD-Prestwood Family).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe
2007-08-05 22:11:22 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 18:07:17
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-05 18:16:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-05 18:15
C:\ComboFix.2006-08-08.191339.txt ... 2006-08-07 15:43
C:\ComboFix.2006-08-09.134312.txt ... 2006-08-08 19:14
C:\ComboFix2.txt ... 2006-08-09 13:43

--- E O F ---

Betsy89
08-05-2007, 08:52 PM
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:25:16 PM 8/5/2007

+ Scan result:



C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308816.exe -> Adware.Adlog : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308792.dll -> Adware.Adstart : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308793.dll -> Adware.Adstart : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308794.dll -> Adware.Adstart : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308798.dll -> Adware.Aws : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308817.dll -> Adware.Ipend : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308805.exe -> Adware.Maxifiles : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308784.dll -> Adware.Mirar : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308785.dll -> Adware.Mirar : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308786.dll -> Adware.Mirar : Cleaned.
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1019\A0306589.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308783.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308848.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308878.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1025\A0308918.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1025\A0308926.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1026\A0308945.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1028\A0309119.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1029\A0309172.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1029\A0309184.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1030\A0309210.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1030\A0309211.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1033\A0309223.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1033\A0309224.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1034\A0309245.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1037\A0310225.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1042\A0312249.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1042\A0312251.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1042\A0312262.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1042\A0312263.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045\A0313322.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308801.DLL -> Adware.Relevance : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308815.DLL -> Adware.SafeSurfing : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308806.exe -> Adware.SearchAssistant : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308807.exe -> Adware.SearchAssistant : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308808.exe -> Adware.SearchAssistant : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308809.exe -> Adware.SearchAssistant : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308810.exe -> Adware.SearchAssistant : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308811.exe -> Adware.SearchAssistant : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308787.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308788.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308789.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308790.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308791.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308795.dll -> Adware.Suggestor : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308796.dll -> Adware.Suggestor : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308799.dll -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308800.exe -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308812.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308813.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308814.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1025\A0308927.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308797.dll -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308803.DLL -> Adware.WinAD : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308804.EXE -> Adware.WinAD : Cleaned.

Betsy89
08-05-2007, 08:53 PM
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308802.exe -> Adware.Wintol : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308781.exe -> Adware.ZenoSearch : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308782.exe -> Adware.ZenoSearch : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308780.exe -> Downloader.Agent.om : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308778.exe -> Downloader.Mavit : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308771.exe -> Downloader.PurityScan.eh : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308770.exe -> Downloader.Small.buy : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308772.exe -> Dropper.Agent.bfr : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308818.dll -> Not-A-Virus.Downloader.Win32.OTXloader : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308820.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308819.dll -> Not-A-Virus.Downloader.Win32.PopCap.c : Cleaned.
C:\QooBox\Quarantine\catchme2007-08-05_180707.12.zip/core.sys -> Rootkit.Agent.eq : Cleaned.

Betsy89
08-05-2007, 08:53 PM

Betsy89
08-05-2007, 08:54 PM

Betsy89
08-05-2007, 08:54 PM

Betsy89
08-05-2007, 08:55 PM
:mozilla.130:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.131:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Prestwood Family\Cookies\prestwood family@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.369:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.370:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.371:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.381:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.382:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.383:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.384:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.385:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.386:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.387:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.388:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Prestwood Family\Cookies\prestwood family@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Prestwood Family\Cookies\prestwood family@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.136:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.137:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.138:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.139:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.140:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.141:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.142:C:\Documents and Settings\Prestwood Family\Application Data\Mozilla\Firefox\Profiles\g9nauncu.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Prestwood Family\Cookies\prestwood family@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.

Betsy89
08-05-2007, 08:56 PM

Betsy89
08-05-2007, 08:56 PM
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308773.exe -> Trojan.Kolweb.a : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308774.sys -> Trojan.Kolweb.a : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308775.exe -> Trojan.Kolweb.a : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308776.dll -> Trojan.Kolweb.a : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308777.sys -> Trojan.Kolweb.a : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308767.dll -> Trojan.LuckyBar888.a : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308779.vxd -> Trojan.Painwin.a : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wintsvcc32.exe.vir -> Trojan.Small : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\rau001978.exe.vir -> Trojan.Small : Cleaned.

Betsy89
08-05-2007, 08:57 PM
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308768.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024\A0308769.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1025\A0308921.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1026\A0308948.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1028\A0309123.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1029\A0309187.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1030\A0309214.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1033\A0309241.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1034\A0309248.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1039\A0311355.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1042\A0312266.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1043\A0312276.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045\A0313291.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045\A0313329.exe -> Trojan.Small : Cleaned.


::Report end

Betsy89
08-05-2007, 08:58 PM
Logfile of HijackThis v1.99.1
Scan saved at 7:58:16 PM, on 8/5/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TangoManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Prestwood Family\Start Menu\Programs\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {306B1E89-F441-F99F-1A64-888DB851D7CF} - C:\WINDOWS\System32\oplzmt.dll (file missing)
O2 - BHO: (no name) - {31651CDA-A646-A89B-1864-888DB8518E9F} - C:\WINDOWS\System32\ycpobc.dll (file missing)
O2 - BHO: (no name) - {37611D8F-F644-F999-1264-888DB851D49C} - C:\WINDOWS\System32\ajozzjj.dll (file missing)
O2 - BHO: (no name) - {4ED3ACBB-4723-1BFF-7A07-3EB60B3DF1C9} - C:\WINDOWS\System32\gzqzgt.dll
O2 - BHO: (no name) - {62374B8D-F646-FD90-1864-888DB851D79B} - C:\WINDOWS\System32\isytjqmw.dll (file missing)
O2 - BHO: (no name) - {6D351C8E-F146-FBCD-1864-888DB851819B} - C:\WINDOWS\System32\edrig.dll (file missing)
O2 - BHO: (no name) - {A293BC78-8970-42E2-984B-DF4A67DA1531} - C:\Program Files\Common Files\hoke83122.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar7.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: 0 - {AFE6CB3B-3058-4086-95B0-DCF93CB48A44} - C:\Program Files\Internet Explorer\lavufa.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Dwvpd] C:\WINDOWS\SYSTEM32\?ymantec\wucrtupd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Qikhyaqt] "C:\Documents and Settings\Prestwood Family\Application Data\??mantec\javaw.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-us.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: pmnljif - pmnljif.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe

Budfred
08-05-2007, 11:16 PM
You apparently never finished cleaning up from the last time you were infected and are not adequately protected... If I am going to help you beyond this post, I need some assurance that you will take this to the end and set up protection to avoid getting infected again...
As I said last time...

Betsy89
08-06-2007, 12:39 PM
Yes, I actually have time to finish this go round. If you'll suggest something to buy, I'll buy it. I'm pretty focused on getting this fixed.

Budfred
08-07-2007, 01:03 AM
Yes, I actually have time to finish this go round. If you'll suggest something to buy, I'll buy it. I'm pretty focused on getting this fixed.

I very rarely suggest buying anything since most of the protection software you need is available in free versions... I just don't like fixing the same computer several times because the owner of the computer doesn't secure it... While we are working on it, please stay offline as much as possible and avoid installing any programs other than the tools needed to clean it up...

Please download the latest version of ComboFix - it is updated almost daily - and run it again...

Then run this:

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
Just before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.


Post each of the logs when you are finished and let me know how your computer is running...

Betsy89
08-07-2007, 10:31 PM
SDFix: Version 1.96

Run by Prestwood Family on Tue 08/07/2007 at 09:05 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\tcb.pmw - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\Kids Cam Sticker Factory\_Setupx.dll
C:\Program Files\Kids Cam Sticker Factory\Setup.exe
C:\WINDOWS\smncnpiA.exe
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp
C:\Documents and Settings\Prestwood Family\My Documents\~WRL0240.tmp
C:\Documents and Settings\Prestwood Family\My Documents\~WRL2671.tmp
C:\Documents and Settings\Prestwood Family\My Documents\~WRL3246.tmp
C:\Documents and Settings\Prestwood Family\My Documents\~WRL3527.tmp
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.tmp.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SAM.tmp.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.tmp.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.tmp.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.tmp.LOG

Finished

Betsy89
08-07-2007, 10:32 PM
ComboFix 07-08-07.6 - "Prestwood Family" 2007-08-07 20:19:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.13 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bcrfnkwe.dll
C:\WINDOWS\SYSTEM32\ewknfrcb.ini
C:\WINDOWS\system32\gzqzgt.dll
C:\WINDOWS\SYSTEM32\ixyusurx.ini
C:\WINDOWS\system32\nopjymrx.dll
C:\WINDOWS\SYSTEM32\qkjqvxmu.ini
C:\WINDOWS\SYSTEM32\qvuftqtx.ini
C:\WINDOWS\system32\umxvqjkq.dll
C:\WINDOWS\SYSTEM32\xrmyjpon.ini
C:\WINDOWS\system32\xrusuyxi.dll
C:\WINDOWS\system32\xtqtfuvq.dll


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-07 19:50 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-08-05 17:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-31 22:10 <DIR> d-------- C:\Program Files\Mars
2007-07-31 22:07 118,784 --a------ C:\WINDOWS\SYSTEM32\PTTreeIcons.dll
2007-07-28 15:00 126,016 --a------ C:\WINDOWS\SYSTEM32\eyuqsdqe.dll
2007-07-14 22:52 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-07-11 10:33 796,352 -r-hs---- C:\WINDOWS\smncnpiA.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-31 22:08 --------- d-------- C:\Program Files\Kids Cam Sticker Factory
2007-07-13 18:23 --------- d-------- C:\DOCUME~1\PRESTW~1\APPLIC~1\AdobeUM
2007-06-19 12:24 43 --a------ C:\WINDOWS\Pt.dll
2006-07-26 18:36 0 --a------ C:\DOCUME~1\PRESTW~1\APPLIC~1\internaldb41.dat
2005-02-22 22:40 0 ---h----- C:\Program Files\AppUpdate.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{306B1E89-F441-F99F-1A64-888DB851D7CF}]
C:\WINDOWS\System32\oplzmt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31651CDA-A646-A89B-1864-888DB8518E9F}]
C:\WINDOWS\System32\ycpobc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37611D8F-F644-F999-1264-888DB851D49C}]
C:\WINDOWS\System32\ajozzjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62374B8D-F646-FD90-1864-888DB851D79B}]
C:\WINDOWS\System32\isytjqmw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D351C8E-F146-FBCD-1864-888DB851819B}]
C:\WINDOWS\System32\edrig.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A293BC78-8970-42E2-984B-DF4A67DA1531}]
C:\Program Files\Common Files\hoke83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFE6CB3B-3058-4086-95B0-DCF93CB48A44}]
C:\Program Files\Internet Explorer\lavufa.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\System32\WinNB58.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-14 22:50]
"TangoManager"="C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TANGOM~1.EXE" [2003-05-06 17:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-31 23:15]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 16:04]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 09:23]
"Dwvpd"="C:\WINDOWS\SYSTEM32\?ymantec\wucrtupd.exe" []
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-11-15 17:18]
"Qikhyaqt"="C:\Documents and Settings\Prestwood Family\Application Data\??mantec\javaw.exe" []

C:\Documents and Settings\Prestwood Family\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
DESKTOP.INI [2002-09-03 10:00:00]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 03:22:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljif]
pmnljif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\27ES3Fl]
mageftp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS]
C:\Program Files\Common Files\mc-58-12-0000079-d.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jwx2RPJqg]
lprpsspc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lgpthx]
c:\windows\system32\ueheoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
??? ? ? ?????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qsnntc]
C:\WINDOWS\System32\qsnntc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TangoManager]
C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TANGOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcProc"=2 (0x2)

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R3 ENDETECT;ENDETECT;\??\C:\PROGRA~1\EFFICI~1\TANGOM~1\app\ENDETECT.SYS
R3 ENETNT5;Efficient Networks, tango Access PPPoE WAN Miniport;C:\WINDOWS\System32\DRIVERS\enetnt.sys
R3 IntelC51;IntelC51;C:\WINDOWS\System32\DRIVERS\IntelC51.sys
R3 IntelC52;IntelC52;C:\WINDOWS\System32\DRIVERS\IntelC52.sys
R3 IntelC53;IntelC53;C:\WINDOWS\System32\DRIVERS\IntelC53.sys
R3 mohfilt;mohfilt;C:\WINDOWS\System32\DRIVERS\mohfilt.sys
R3 NTSTPL1;NTSTPL1;\??\C:\PROGRA~1\EFFICI~1\TANGOM~1\app\NTSTPL1.SYS
R3 RAWESR;RAWESR;\??\C:\PROGRA~1\EFFICI~1\TANGOM~1\app\RAWESR.SYS
R3 TAPBIND;TAPBIND;\??\C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TAPBIND1.SYS
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S2 G11AV;Digital Camera - PC Camera;C:\WINDOWS\System32\Drivers\G11av.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 hqapyeg.sys;hqapyeg.sys;\??\C:\WINDOWS\System32\hqapyeg.sys
S3 L2XPSR;L2XPSR;\??\C:\PROGRA~1\EFFICI~1\TANGOM~1\app\L2XPSR.SYS
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\System32\DRIVERS\mr97310v.sys
S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\System32\DRIVERS\wanatw4.sys


Contents of the 'Scheduled Tasks' folder
2007-08-07 04:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (1) (PRESTWOOD-Prestwood Family).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe
2007-08-08 00:31:44 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 20:28:57
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 20:36:09 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-07 20:35
C:\ComboFix.2006-08-08.191339.txt ... 2006-08-07 15:43
C:\ComboFix.2006-08-09.134312.txt ... 2006-08-08 19:14
C:\ComboFix2.txt ... 2007-08-05 18:16
C:\ComboFix3.txt ... 2006-08-09 13:43

--- E O F ---

Betsy89
08-07-2007, 10:33 PM
Logfile of HijackThis v1.99.1
Scan saved at 9:29:44 PM, on 8/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TangoManager.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\Prestwood Family\Start Menu\Programs\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {306B1E89-F441-F99F-1A64-888DB851D7CF} - C:\WINDOWS\System32\oplzmt.dll (file missing)
O2 - BHO: (no name) - {31651CDA-A646-A89B-1864-888DB8518E9F} - C:\WINDOWS\System32\ycpobc.dll (file missing)
O2 - BHO: (no name) - {37611D8F-F644-F999-1264-888DB851D49C} - C:\WINDOWS\System32\ajozzjj.dll (file missing)
O2 - BHO: (no name) - {62374B8D-F646-FD90-1864-888DB851D79B} - C:\WINDOWS\System32\isytjqmw.dll (file missing)
O2 - BHO: (no name) - {6D351C8E-F146-FBCD-1864-888DB851819B} - C:\WINDOWS\System32\edrig.dll (file missing)
O2 - BHO: (no name) - {A293BC78-8970-42E2-984B-DF4A67DA1531} - C:\Program Files\Common Files\hoke83122.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar7.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: 0 - {AFE6CB3B-3058-4086-95B0-DCF93CB48A44} - C:\Program Files\Internet Explorer\lavufa.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Dwvpd] C:\WINDOWS\SYSTEM32\?ymantec\wucrtupd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Qikhyaqt] "C:\Documents and Settings\Prestwood Family\Application Data\??mantec\javaw.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-us.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: pmnljif - pmnljif.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe

Betsy89
08-07-2007, 10:35 PM
Mozilla is coming up a lot quicker. Sierra and OuterInfo are still on my programs list. I have been cutting off the internet during the day when I'm gone and it seems that no more programs have been downloaded. I can definitely tell a difference. Thank you for your help and thank you for the time you put into this!
Ready for whatever is next...

Budfred
08-07-2007, 11:14 PM
Do a little cleanup in the HJT log and then some more scans... Open a HJT scan and put checks by:

O2 - BHO: (no name) - {306B1E89-F441-F99F-1A64-888DB851D7CF} - C:\WINDOWS\System32\oplzmt.dll (file missing)
O2 - BHO: (no name) - {31651CDA-A646-A89B-1864-888DB8518E9F} - C:\WINDOWS\System32\ycpobc.dll (file missing)
O2 - BHO: (no name) - {37611D8F-F644-F999-1264-888DB851D49C} - C:\WINDOWS\System32\ajozzjj.dll (file missing)
O2 - BHO: (no name) - {62374B8D-F646-FD90-1864-888DB851D79B} - C:\WINDOWS\System32\isytjqmw.dll (file missing)
O2 - BHO: (no name) - {6D351C8E-F146-FBCD-1864-888DB851819B} - C:\WINDOWS\System32\edrig.dll (file missing)
O2 - BHO: (no name) - {A293BC78-8970-42E2-984B-DF4A67DA1531} - C:\Program Files\Common Files\hoke83122.dll (file missing)
O2 - BHO: 0 - {AFE6CB3B-3058-4086-95B0-DCF93CB48A44} - C:\Program Files\Internet Explorer\lavufa.dll (file missing)
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O4 - HKCU\..\Run: [Dwvpd] C:\WINDOWS\SYSTEM32\?ymantec\wucrtupd.exe
O4 - HKCU\..\Run: [Qikhyaqt] "C:\Documents and Settings\Prestwood Family\Application Data\??mantec\javaw.exe"
O20 - Winlogon Notify: pmnljif - pmnljif.dll (file missing)

Close all open windows except HJT and press Fix checked...

Find and delete this folder... The ? will be a symbol that looks like a "S", but is not an "S":

C:\WINDOWS\SYSTEM32\?ymantec

"Sierra and OuterInfo are still on my programs list." What programs list are you referring to?? If you mean Start, you can simply delete them... If you mean Add or Remove Programs, it is harder to remove them...

Run these scans:

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


and..............

* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan finished scanning, click the Automatic cleaning (recommended) button
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.


Then reboot and post a fresh HJT log with the other logs... Let me know if you had any problems with the scans and deletion...
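The selection rule behind the checklist in the reply above, as an added example that is not part of the original post and is not HijackThis's own code: it flags HijackThis entries marked "(file missing)" and startup paths where the log shows "?" in place of a character it could not render, then matches such a masked name against real directory names. The function names and the directory listing are hypothetical; the log lines are copied from the log posted in this thread.

```python
import re
from typing import NamedTuple

# Lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {306B1E89-F441-F99F-1A64-888DB851D7CF} - C:\WINDOWS\System32\oplzmt.dll (file missing)
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Dwvpd] C:\WINDOWS\SYSTEM32\?ymantec\wucrtupd.exe
O4 - HKCU\..\Run: [Qikhyaqt] "C:\Documents and Settings\Prestwood Family\Application Data\??mantec\javaw.exe"
O20 - Winlogon Notify: pmnljif - pmnljif.dll (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O4 - ...", "O20 - ...", "R1 - ..." style entry lines.
ENTRY_RE = re.compile(r"^(O\d{1,2}|R[0-3]|F[0-3]|N[1-4]) - (.+)$")
# The NT object prefix \??\ is legitimate and must not count as a masked name.
NT_PREFIX = "\\??\\"
# A backslash-delimited path component containing '?'. '?' is not a legal
# character in a Windows file name, so here it stands for a character the log
# could not render (the lookalike "S" described in the reply above).
MASKED_COMPONENT_RE = re.compile(r'\\([^\\/"]*\?[^\\/"]*)')


class Finding(NamedTuple):
    section: str
    reasons: tuple
    line: str


def masked_components(text):
    """Return path components that contain a '?' placeholder."""
    return MASKED_COMPONENT_RE.findall(text.replace(NT_PREFIX, "\\"))


def triage(log_text):
    """Flag entries whose target file is gone or whose path is masked."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header lines, process list, blank lines
        section, body = match.groups()
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("orphaned")      # registry entry left behind
        if masked_components(body):
            reasons.append("masked-path")   # non-ASCII lookalike in the path
        if reasons:
            findings.append(Finding(section, tuple(reasons), raw.strip()))
    return findings


def match_masked_name(masked, real_names):
    """Match a logged name such as '?ymantec' against real directory names.

    Each '?' must correspond to exactly one non-ASCII character, so the
    genuine ASCII 'Symantec' folder is never returned.
    """
    pattern = "".join(
        r"[^\x00-\x7f]" if ch == "?" else re.escape(ch) for ch in masked
    )
    rx = re.compile(pattern, re.IGNORECASE)
    return [name for name in real_names if rx.fullmatch(name)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, ",".join(f.reasons), "|", f.line)
    # Constructed directory listing: U+0405 is a Cyrillic letter that looks like "S".
    listing = ["Symantec", "\u0405ymantec", "drivers"]
    print([ascii(n) for n in match_masked_name("?ymantec", listing)])
```

Printing matches with `ascii()` exposes the code point of the lookalike character, which is how such a folder can be told apart from a genuine vendor folder in a listing.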

Betsy89
08-15-2007, 12:29 AM
I deleted the HJT files but couldn't find C:\WINDOWS\SYSTEM32\?ymantec

Dr. Web CureIt! is running right now. The first scan came up completely clear and the 2nd one is still going. I will post the new logs as soon as they finish.

Budfred
08-15-2007, 01:18 AM
You are going to need to show hidden and system files to find that folder:

In Windows XP, on the taskbar, click Start > My Computer.
On the Tools menu, click Folder Options.
On the View tab, uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files. It will ask if you are sure and click "Yes"
Then, under the "Hidden files" folder, click Show hidden files and folders.
Click Apply.
Click OK.

Betsy89
08-22-2007, 11:02 AM
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Moved.;
OuterinfoUpdate.exe.vir;C:\QooBox\Quarantine\C\Program Files\Outerinfo;Adware.ClickSpring;Moved.;
argkbabj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
bcrfnkwe.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
cepumcxg.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
cuxiamtu.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
ewkhmsih.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
hwmditvx.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
muehqnhb.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
nopjymrx.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
nxoyvwya.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
obxysufq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
pigucwqn.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
pmkjh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
qkqdqxmq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
rhdkvlog.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
rikkgyrn.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
tqrjbexa.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
umxvqjkq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
WinNB58.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Adware.Mirarbar;Moved.;
wyxxaujc.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
xcagsota.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
xihrhont.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
xrusuyxi.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
xtqtfuvq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
xtrimxhk.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
ymsouehu.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;
A0306575.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1019;Trojan.Virtumod;Deleted.;
A0306576.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1019;Trojan.Virtumod;Deleted.;
A0307705.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1021;Trojan.Virtumod;Deleted.;
A0307718.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1022;Adware.WebBuying;Moved.;
A0307719.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1022;Adware.WebBuying;Moved.;
A0308824.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1024;Trojan.Virtumod;Deleted.;
A0308928.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1025;Trojan.Virtumod;Deleted.;
A0309108.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1028;Trojan.Virtumod;Deleted.;
A0309109.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1028;Trojan.Virtumod;Deleted.;
A0309197.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1030;Trojan.Virtumod;Deleted.;
A0309225.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1033;Trojan.Virtumod;Deleted.;
A0309226.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1033;Trojan.Virtumod;Deleted.;
A0310223.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1037;Trojan.Virtumod;Deleted.;
A0310224.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1037;Trojan.Virtumod;Deleted.;
A0311223.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1037;Trojan.Virtumod;Deleted.;
A0311249.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1038;Trojan.Virtumod;Deleted.;
A0312250.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1042;Trojan.Virtumod;Deleted.;
A0312252.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1042;Trojan.Virtumod;Deleted.;
A0313249.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1044;Trojan.Virtumod;Deleted.;
A0313250.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1044;Trojan.Virtumod;Deleted.;
A0313292.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313293.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313294.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313295.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313296.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313297.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313298.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313299.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313300.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313301.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313302.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313303.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313304.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313305.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313306.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313307.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313308.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313309.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313310.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0313326.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Adware.ClickSpring;Moved.;
A0313328.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Adware.Mirarbar;Moved.;
A0313345.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1045;Trojan.Virtumod;Deleted.;
A0314482.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1047;Trojan.Virtumod;Deleted.;
A0314483.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1047;Trojan.Virtumod;Deleted.;
A0314484.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1047;Trojan.Virtumod;Deleted.;
A0314485.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1047;Trojan.Virtumod;Deleted.;
A0314486.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1047;Trojan.Virtumod;Deleted.;
eyuqsdqe.dll;C:\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
GTDownDE_87.ocx;C:\WINDOWS\SYSTEM32;Adware.Gdown;Moved.;
Process.exe;C:\WINDOWS\SYSTEM32;Tool.Prockill;Moved.;

Betsy89
08-22-2007, 11:06 AM
That was the Dr. Web report file. I have tried running the F-Secure scan all last night and I tried again this morning and every time it says, "error, (ID:24)" - one time last night it scanned like 15,000 files before it quit and said it found 61 spyware.

I allowed the hidden files to be seen but still can't find that symantec file?

Betsy89
08-22-2007, 11:07 AM
Logfile of HijackThis v1.99.1
Scan saved at 10:06:16 AM, on 8/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TangoManager.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Prestwood Family\Start Menu\Programs\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar7.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-us.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe

Budfred
08-22-2007, 09:33 PM
Ok... If you can't get F-Secure to work, please do this:

Try running an MWavScan... It will produce a log in the lower window that has the bad list and you will need to use Ctrl-C to copy it and then paste it here for review.... If the list is extremely long, you can just paste the lines that begin with the word "File" since those are the ones we need to be most concerned about...
DO NOT post the upper window which contains everything that was scanned...

http://www.mwti.net/products/mwav/mwav.asp

It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan and we will deal with it...

Betsy89
08-25-2007, 11:47 AM
This is the MWav scan...hope you're having a good morning.

File C:\Documents and Settings\Prestwood Family\Desktop\Betsy!\SmitfraudFix.exe//PE_Patch.UPX/SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Object "minibug Adware" found in File System! Action Taken: No Action Taken.
Object "nn_bar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "nn_bar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mirar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "nn_bar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "nn_bar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "nn_bar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "nn_bar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dope wars Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "websearch Toolbar" found in File System! Action Taken: No Action Taken.
Object "qabar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bookedspace Adware" found in File System! Action Taken: No Action Taken.
Object "perfwo Trojan" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "bookedspace Adware" found in File System! Action Taken: No Action Taken.
Object "adrotator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dope wars Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dope wars Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "spypal Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "medload Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "medload Browser Hijacker" found in File System! Action Taken: No Action Taken.

Betsy89
08-25-2007, 11:48 AM

Betsy89
08-25-2007, 11:49 AM

Betsy89
08-25-2007, 11:49 AM

Betsy89
08-25-2007, 11:50 AM
Management\ARPCache" refers to invalid object "Icons". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (2.0.0.1)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (2.0.0.2)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (2.0.0.3)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (2.0.0.4)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "OfotoEZUpload". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WAFAIE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{11B569C2-4BF6-4ED0-9D17-A4273943CB24}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{43C3D832-AC96-463A-8FE4-1B8D1BFA2FAS}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{43FCA273-9534-40DB-B7C5-D7758875616A}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8C64E145-54BA-11D6-91B1-00500462BE80}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600133}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-A00000000001}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-A70000000000}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-A70500000002}". Action Taken: No Action Taken.
File C:\WINDOWS\smncnpiA.exe//PE_Patch//TeLock infected by "Trojan-Downloader.Win32.VB.ang" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\1setup.exe//data0006 infected by "Trojan-Downloader.Win32.Adload.a" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\msfdje.gif//PE_Patch//TeLock tagged as "not-a-virus:AdWare.Win32.ClientMan". Action Taken: No Action Taken.
File C:\WINDOWS\System32\msglji.gif//PE_Patch//TeLock tagged as "not-a-virus:AdWare.Win32.SearchAssistant.d". Action Taken: No Action Taken.
File C:\WINDOWS\System32\mshon.dll//PE_Patch//TeLock tagged as "not-a-virus:AdWare.Win32.ClientMan". Action Taken: No Action Taken.

Budfred
08-25-2007, 03:05 PM
Looks like a few more to clean up, but nothing too bad... Please do the following... Please download a new copy of ComboFix since it has been updated a number of times since you first used it:

Open Notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\smncnpiA.exe
C:\WINDOWS\System32\1setup.exe
C:\WINDOWS\System32\msfdje.gif
C:\WINDOWS\System32\msglji.gif
C:\WINDOWS\System32\mshon.dll



Save this as ComboFix-Do.txt


http://img.photobucket.com/albums/v666/sUBs/Combo-Do.gif

Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe

ComboFix will run and produce a new log... Please post that in your reply... Let me know how your computer is running...
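
How the five paths in the quotebox follow from the "File ..." lines of the scan log, as an added example that is not part of the original posts. It assumes the `//...` suffixes are the scanner's names for packed or embedded layers inside each file, which matches the quotebox listing only the part before `//`; the function names are hypothetical.

```python
import re

# The five detection lines copied from the scan log posted above, plus one
# registry "Entry" line from the same log that must be skipped.
SCAN_LOG = r'''
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WAFAIE". Action Taken: No Action Taken.
File C:\WINDOWS\smncnpiA.exe//PE_Patch//TeLock infected by "Trojan-Downloader.Win32.VB.ang" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\1setup.exe//data0006 infected by "Trojan-Downloader.Win32.Adload.a" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\msfdje.gif//PE_Patch//TeLock tagged as "not-a-virus:AdWare.Win32.ClientMan". Action Taken: No Action Taken.
File C:\WINDOWS\System32\msglji.gif//PE_Patch//TeLock tagged as "not-a-virus:AdWare.Win32.SearchAssistant.d". Action Taken: No Action Taken.
File C:\WINDOWS\System32\mshon.dll//PE_Patch//TeLock tagged as "not-a-virus:AdWare.Win32.ClientMan". Action Taken: No Action Taken.
'''

# "File <target> infected by|tagged as "<detection name>" ..."
DETECTION = re.compile(
    r'^File (?P<target>.+?) (?:infected by|tagged as) "(?P<name>[^"]+)"')


def parse_detections(log_text):
    """Return [(on_disk_path, [layers], detection_name)] for each File line."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # registry "Entry ..." lines and blanks are not detections
        # Assumption: each //segment is a layer inside the file, so only the
        # part before the first // is a path that exists on disk.
        path, *layers = m.group("target").split("//")
        hits.append((path, layers, m.group("name")))
    return hits


def build_file_block(hits):
    """Render a File:: block like the quotebox: one line per file, no repeats."""
    seen, lines = set(), ["File::"]
    for path, _layers, _name in hits:
        key = path.lower()  # Windows paths are case-insensitive
        if key not in seen:
            seen.add(key)
            lines.append(path)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_file_block(parse_detections(SCAN_LOG)), end="")
```

Note that two of the flagged files carry a `.gif` extension while the scanner reports packed executable content inside them, so the extension alone says nothing about what the file is.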

Betsy89
09-10-2007, 11:06 AM
I just tried to run ComboFix and a window came up saying, "Were you trying to run the CFScript? If so, it's incorrectly spelled." ComboFix quit running. I'm pretty sure I followed all of your instructions.

Budfred
09-10-2007, 08:38 PM
Yes, it has been renamed, so please rename the file: CFScript.txt...

Also, please download a fresh copy of ComboFix before you do anything since it has been updated a number of times since you were last here...

Betsy89
09-10-2007, 11:01 PM
I downloaded a new copy, ran it with the updated file name, and it went through a series of creating a backup point and doing something to the registry, and then on the blue command screen it was saying, "completed stage #" and it got through with 1-25 and then it quit. It didn't save a log or ask if I wanted to.
The computer is, however, performing better. I'm not home on this one too much but I have been today and it's been going a lot faster.

Budfred
09-11-2007, 12:24 AM
How long did you let it run and were you doing anything else on the computer while it was running??

Either way, please post a HJT log and run a new ComboFix log so I can see if you got it all...