infected with downloader.nyn and other malware

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

infected with downloader.nyn and other malware, infected with downloader.nyn and need help

Options

llith View Member Profile	Apr 26 2007, 09:18 PM Post #1
New Member Posts: 8 OS: windows98	I've been through so many scans in the past couple days that I'm not quite sure where to begin. Initially my Mcafee virusscan popped up Winfixer which I wasn't able to remove. Hijack this produced errorprotector.com, errorsafe.com, systemdoctor.com and winantivirus.com. I removed these entries. At this point, I realized I had no clue of what I was doing, and decided to follow the instructions posted on this forum in an attempt to finally get my system clean. Here is my most recent Hijack This log: Logfile of HijackThis v1.99.1 Scan saved at 10:15:51 PM, on 26/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\LAURI-~1\LOCALS~1\Temp\Rar$EX00.563\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Here is my AVG Report: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 7:26:31 PM 26/04/2007 + Scan result: C:\Documents and Settings\LAR\My Documents\Download.Accelerator.Plus.Ver.8.0.4.4.Premium-By.TXT.rar/Download.Accelerator.Plus.Ver.8.0.4.4.Premium-By.TXT\Patch\DAP.Activation.Patch.exe -> Backdoor.PcClient.gv : Cleaned. C:\Program Files\DAP\DAP.Activation.Patch.exe -> Backdoor.PcClient.gv : Cleaned. C:\temp\dap\Download.Accelerator.Plus.Ver.8.0.4.4.Premium-By.TXT\Patch\DAP.Activation.Patch.exe -> Backdoor.PcClient.gv : Cleaned. C:\Documents and Settings\LAR\Local Settings\Temp\wr-1-2000219.exe -> Downloader.Agent.bls : Cleaned. C:\WINDOWS\retadpu2000219.exe -> Downloader.Agent.bls : Cleaned. :mozilla.151:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.247realmedia : Cleaned. :mozilla.152:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.247realmedia : Cleaned. :mozilla.6:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned. :mozilla.10:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.113:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.11:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.12:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.153:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.154:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.155:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.156:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.157:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.158:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.159:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.160:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.161:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.162:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.163:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.164:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.165:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.166:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.167:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.168:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.169:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.170:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.171:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.172:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.173:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.281:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.283:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.293:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.375:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.411:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.587:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.634:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.717:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.783:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.7:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.821:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.848:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.867:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.890:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.8:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.910:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.9:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.16:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.17:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.18:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.21:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.227:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.789:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.469:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.470:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.258:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.259:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.260:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.261:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.262:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.11:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\ra8he8fk.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.14:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\j6vno9bb.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.99:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.320:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Bfast : Cleaned. :mozilla.544:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Bluestreak : Cleaned. :mozilla.201:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.202:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.203:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.206:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.207:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.208:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.275:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.276:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.277:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.545:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.546:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.440:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.441:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.442:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.443:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.444:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.445:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.332:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.486:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.16:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\j6vno9bb.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.20:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\ra8he8fk.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.80:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.724:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.30:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.769:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.132:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.134:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.135:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.136:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.137:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.138:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.139:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.903:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Fortunecity : Cleaned. :mozilla.904:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Fortunecity : Cleaned. :mozilla.269:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Gemius : Cleaned. :mozilla.271:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Gemius : Cleaned. :mozilla.118:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.18:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\j6vno9bb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.19:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\j6vno9bb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.20:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\j6vno9bb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.21:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\j6vno9bb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.27:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\ra8he8fk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.28:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\ra8he8fk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.295:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.296:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.297:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.298:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.30:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\ra8he8fk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.31:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\ra8he8fk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.383:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.384:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.385:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.628:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.693:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.819:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.857:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.858:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.892:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.893:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.742:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.743:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.89:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.90:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.233:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.234:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.235:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.25:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\ra8he8fk.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.92:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.93:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.148:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Netflame : Cleaned. :mozilla.750:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned. :mozilla.751:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned. :mozilla.130:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.178:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.179:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.180:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.708:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.105:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Paypal : Cleaned. :mozilla.262:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Paypal : Cleaned. :mozilla.18:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.19:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.20:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.21:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.22:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.88:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.89:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.90:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.91:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.136:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.323:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.324:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.325:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.326:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.327:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.328:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.329:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.138:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.531:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.533:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.609:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.610:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.611:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.612:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.613:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.614:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.615:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.616:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.55:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.56:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.57:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.58:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.143:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.144:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.145:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.146:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.425:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.426:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.427:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.428:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.429:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.430:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.222:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.801:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.802:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.803:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.133:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.140:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.141:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.142:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.143:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.17:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.32:C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\ra8he8fk.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.459:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.460:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.461:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.462:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.463:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.30:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.37:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.40:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.41:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.42:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.43:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.44:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.45:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.46:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.47:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.48:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.155:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.156:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.62:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.63:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.64:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.65:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.66:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.77:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.679:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Targetnet : Cleaned. :mozilla.680:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Targetnet : Cleaned. :mozilla.162:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.163:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.164:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.165:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.166:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.167:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.759:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.760:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.833:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Trafic : Cleaned. :mozilla.168:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.266:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.111:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Webtrends : Cleaned. :mozilla.123:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.145:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.146:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.147:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.191:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.192:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.193:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.194:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.195:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.196:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.290:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.291:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.292:C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned. C:\Documents and Settings\LAR\My Documents\Download.Accelerator.Plus.Ver.8.0.4.4.Premium-By.TXT.rar/Download.Accelerator.Plus.Ver.8.0.4.4.Premium-By.TXT\Patch\Trace.Cleaner.Activation.Patch.exe -> Trojan.Small : Cleaned. C:\Program Files\DAP\Privacy Package\Trace.Cleaner.Activation.Patch.exe -> Trojan.Small : Cleaned. C:\temp\dap\Download.Accelerator.Plus.Ver.8.0.4.4.Premium-By.TXT\Patch\Trace.Cleaner.Activation.Patch.exe -> Trojan.Small : Cleaned. ::Report end Here is my Super AntiSpyware log: SUPERAntiSpyware Scan Log Generated 04/26/2007 at 08:15 PM Application Version : 3.6.1000 Core Rules Database Version : 3226 Trace Rules Database Version: 1237 Scan type : Complete Scan Total Scan Time : 00:41:46 Memory items scanned : 384 Memory threats detected : 0 Registry items scanned : 5050 Registry threats detected : 9 File items scanned : 46852 File threats detected : 3 Adware.ClickSpring/Outer Info Network HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion Adware.ClickSpring/Yazzle C:\DOCUMENTS AND SETTINGS\LAR\LOCAL SETTINGS\TEMP\YAZZLEBUNDLE-1281.EXE C:\PROGRAM FILES\COMMON FILES\YAZZLE1281

llith View Member Profile	Apr 26 2007, 09:27 PM Post #2
New Member Posts: 8 OS: windows98	Previous topic got cutoff: My SuperAntispyware log SUPERAntiSpyware Scan Log Generated 04/26/2007 at 08:15 PM Application Version : 3.6.1000 Core Rules Database Version : 3226 Trace Rules Database Version: 1237 Scan type : Complete Scan Total Scan Time : 00:41:46 Memory items scanned : 384 Memory threats detected : 0 Registry items scanned : 5050 Registry threats detected : 9 File items scanned : 46852 File threats detected : 3 Adware.ClickSpring/Outer Info Network HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion Adware.ClickSpring/Yazzle C:\DOCUMENTS AND SETTINGS\LAR\LOCAL SETTINGS\TEMP\YAZZLEBUNDLE-1281.EXE C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE And finally my Panda ActiveScan Incident Status Location Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt[.azjmp.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt[.go.com/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt[.apmebf.com/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt[.atwola.com/] Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\6kh8neev.Default User\cookies.txt[.bravenet.com/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt[.atwola.com/] Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt[.belnk.com/] Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt[.bravenet.com/] Spyware:Cookie/360i Not disinfected C:\Documents and Settings\LAR\Application Data\Mozilla\Firefox\Profiles\8ceoxkcq.default\cookies.txt[.ct.360i.com/] Spyware:Spyware/New.net Not disinfected C:\temp\gorPCA.exe[win.exe] Adware:Adware/WebBuying Not disinfected C:\temp\gorPCA.exe[zin2.exe] Adware:Adware/TTC Not disinfected C:\temp\gorPCA.exe[win33.exe] Adware:Adware/DeluxeComunications Not disinfected C:\temp\gorPCA.exe[win4.exe] Virus:Trj/Downloader.NYN Not disinfected C:\temp\gorPCA.exe[win11.exe] If you made it this far, I applaud you. My O/S is XP (not 98 as listed at the side - my profile won't update). Thank you in advance for trying to help. Lauri-Ann

Daemon View Member Profile	Apr 27 2007, 12:00 AM Post #3
Security Expert Posts: 4,356 OS: XP	It doesn't look too bad. First of all, open Spybot S&D, click Mode>Advanced>Tools>Resident and remove the check from the Tea Timer box. You can reinstate it later but we don't want it interfering with what we need to do. Reboot when done. Click here to download System Security Suite. Extract it from the zip file into a folder and doubleclick on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. You will be prompted to reboot, do so. 1. Download this file - combofix.exe 2. Double click combofix.exe & follow the prompts. 3. When finished, it will produce a log for you. Post that log in your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

llith View Member Profile	Apr 27 2007, 08:41 AM Post #4
New Member Posts: 8 OS: windows98	First off, thank you very much for your incredibly speedy response. I did as you asked. Everything worked fine until I clicked the combofix dl link. It produced: You have used an invalid url to download ComboFix.exe. Please be advised that these are the correct links to use http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe I used the link at techsupportforum.com and got the following combofix report: "LAR" - 07-04-27 9:32:22 Service Pack 2 ComboFix 07-04-25.4V - Running from: "C:\Program Files\Mozilla Firefox\" ((((((((((((((((((((((((((((((( Files Created from 2007-03-27 to 2007-04-27 )))))))))))))))))))))))))))))))))) 2007-04-27 09:27 <DIR> d-------- C:\Program Files\System Security Suite 1.04 2007-04-26 20:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan 2007-04-26 19:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-04-26 19:30 <DIR> d-------- C:\DOCUME~1\LAURI-~1\APPLIC~1\SUPERAntiSpyware.com 2007-04-26 19:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-04-25 21:32 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys 2007-04-25 21:06 <DIR> d-------- C:\VundoFix Backups 2007-04-25 09:57 415,873 --a------ C:\temp\gorPCA.exe 2007-04-25 09:57 <DIR> d--h----- C:\temp\17O7 2007-04-25 09:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\smpi1 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-26 21:12 -------- d-------- C:\Program Files\microsoft intellitype pro 2007-04-26 21:12 -------- d-------- C:\Program Files\microsoft intellipoint 2007-04-22 12:40 -------- d-------- C:\Program Files\trillian 2007-04-22 12:18 11094 --a------ C:\DOCUME~1\LAURI-~1\APPLIC~1\wklnhst.dat 2007-04-03 20:32 -------- d-------- C:\Program Files\world of warcraft 2007-03-17 08:43 292864 --a------ C:\WINDOWS\SYSTEM32\winsrv.dll 2007-03-08 10:36 577536 --a------ C:\WINDOWS\SYSTEM32\user32.dll 2007-03-08 10:36 40960 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll 2007-03-08 10:36 281600 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll 2007-03-08 08:47 1843584 --a------ C:\WINDOWS\SYSTEM32\win32k.sys 2007-02-05 15:17 185344 --a------ C:\WINDOWS\SYSTEM32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe" "IAAnotif"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe" "CTSysVol"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r" "P17Helper"="Rundll32 P17.dll,P17Helper" "UpdReg"="C:\\WINDOWS\\UpdReg.EXE" "DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\"" "Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask" "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe" "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe" "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe" "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe" "itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\"" "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 ****************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-04-27 09:34:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ****************************************************************** Completion time: 07-04-27 9:34:34 C:\ComboFix-quarantined-files.txt ... 07-04-27 09:34 How's it looking? Lauri-Ann

Daemon View Member Profile	Apr 27 2007, 12:46 PM Post #5
Security Expert Posts: 4,356 OS: XP	Not bad. First of all, open Spybot S&D, click Mode>Advanced>Tools>Resident and remove the check from the Tea Timer box. You can reinstate it later but we don't want it interfering with what we need to do. Reboot when done. HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder for it and place the program into that new folder. Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked': O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.

llith View Member Profile	Apr 28 2007, 12:34 AM Post #6
New Member Posts: 8 OS: windows98	Here is the latest Hijack This log: Logfile of HijackThis v1.99.1 Scan saved at 1:30:37 AM, on 28/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\hijack this\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe Is it getting there yet? Thanks again! Lauri-Ann

Daemon View Member Profile	Apr 28 2007, 01:07 AM Post #7
Security Expert Posts: 4,356 OS: XP	Click here to download System Security Suite. Extract it from the zip file into a folder and doubleclick on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. You will be prompted to reboot, do so. Repeat for all log-in accounts on your computer. Let me know how it's running now.

llith View Member Profile	Apr 28 2007, 08:19 AM Post #8
New Member Posts: 8 OS: windows98	It seems to be running ok now. I did another HiJack this scan and although you didn't ask me to post the log, I noticed that two of the files you asked me to remove are back. I did turn teatimer back on briefly after I did the System Security Suite clean you asked me to do. Logfile of HijackThis v1.99.1 Scan saved at 9:12:14 AM, on 28/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\program files\mcafee.com\agent\mcagent.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\hijack this\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Virus\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe Do you think I'm clean now? Thanks! Lauri-Ann

Daemon View Member Profile	Apr 28 2007, 12:06 PM Post #9
Security Expert Posts: 4,356 OS: XP	Leave teatimer off, fix those two entries with HJT. One more thing and then you're all set. Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Restart your computer. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK. System Restore will now be active again. To help keep you clean follow the recommendations in Tony's article here: So how did I get infected in the first place? Do you require any further assistance or should I close the topic?

llith View Member Profile	Apr 28 2007, 12:59 PM Post #10
New Member Posts: 8 OS: windows98	Close the topic please. You were awesome. Thank you very much! HUG Lauri-Ann

Daemon View Member Profile	Apr 28 2007, 02:49 PM Post #11
Security Expert Posts: 4,356 OS: XP	You're welcome - glad to help And thanks for the donation As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal hit with trojan TROJ_ZLOB.CBO. and other malware	2 / 181	2nd December 2006 - 03:47 PM crazyivan2 started - last by crazyivan2
Virus, Spyware and Trojan Removal Windows 98 system infected with I-Worm.Klez.H and other viruses. [RESO	11 / 752	7th November 2007 - 03:40 AM Auset started - last by sarahw
Virus, Spyware and Trojan Removal Help with Virtumonde and other malware removal [CLOSED]	2 / 247	31st August 2008 - 04:03 PM ER11180 started - last by Rorschach112
Virus, Spyware and Trojan Removal infected with Keylogger and other malware/spyware	0 / 145	30th June 2009 - 03:44 PM shweebop96 started - last by shweebop96