Problem with Win32:Dialer-520 & Win32:Zlob-BN [RESOLVED]


  • This topic is locked

#1
Stevvvvvvve

  • Member
  • 21 posts
The other night I downloaded a file, an .exe obviously, and I ran it knowing that I shouldn't have. I took care of this "fake" Spyware virus & thought I had cleared everything out. But Avast is continuously blocking attempts from Trojans. I'm at a loss of what to do.

Also I'm not a PC expert but I have quite a bit of knowledge & I'm also brand new to this site. Came to it from a search. So bear with me.

Here is a log from Avast giving some info about the attempts:

4/19/2006 5:39:57 AM SYSTEM 1248 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\WINDOWS\TEMP\win715.tmp.exe\[UPX]" file.
4/19/2006 5:35:52 AM SYSTEM 1248 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\WINDOWS\TEMP\win4CA.tmp.exe\[UPX]" file.
4/19/2006 5:33:35 AM SYSTEM 1248 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\WINDOWS\TEMP\win4C7.tmp.exe\[UPX]" file.
4/19/2006 5:31:21 AM SYSTEM 1248 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\WINDOWS\TEMP\win4C3.tmp.exe\[UPX]" file.
4/19/2006 5:06:32 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\srvpyv[1].exe\[UPX]" file.
4/19/2006 5:06:30 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\SHMNGXAR\srvibj[1].exe\[UPX]" file.
4/19/2006 5:06:28 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\OTWROF8R\srvzee[1].exe\[UPX]" file.
4/19/2006 5:06:26 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\LMC118Y5\srvoap[1].exe\[UPX]" file.
4/19/2006 5:06:24 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\GDEBWHIB\srvuzh[1].exe\[UPX]" file.
4/19/2006 5:06:21 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\srvzco[1].exe\[UPX]" file.
4/19/2006 5:06:04 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\WINDOWS\TEMP\win4CA.tmp.exe\[UPX]" file.
4/19/2006 5:05:47 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\GDEBWHIB\srvuzh[1].exe\[UPX]" file.
4/19/2006 5:04:42 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\KT\Local Settings\Temporary Internet Files\Content.IE5\KR9VQQVD\srvmgx[1].exe\[UPX]" file.
4/19/2006 5:03:39 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\WINDOWS\TEMP\win4C7.tmp.exe\[UPX]" file.
4/19/2006 5:03:31 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\SHMNGXAR\srvibj[1].exe\[UPX]" file.
4/19/2006 5:01:22 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\WINDOWS\TEMP\win4C3.tmp.exe\[UPX]" file.
4/19/2006 5:00:48 AM Scuba Steve 2004 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\OTWROF8R\srvzee[1].exe\[UPX]" file.
4/19/2006 4:39:52 AM SYSTEM 1868 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\WINDOWS\TEMP\win715.tmp.exe\[UPX]" file.
4/19/2006 4:39:33 AM SYSTEM 1868 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\srvzco[1].exe\[UPX]" file.
4/19/2006 2:13:42 AM SYSTEM 1868 Sign of "Win32:Zlob-BM [Trj]" has been found in "C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP89\A0013000.exe\[Upack]" file.
4/19/2006 12:34:53 AM SYSTEM 1868 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP89\A0012998.exe\[Upack]" file.
4/18/2006 11:29:59 PM SYSTEM 1868 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\KT\Local Settings\Temporary Internet Files\Content.IE5\KR9VQQVD\srvmgx[1].exe\[UPX]" file.
4/18/2006 11:13:42 PM SYSTEM 1868 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP89\A0012998.exe\[Upack]" file.
4/18/2006 10:13:42 PM SYSTEM 1868 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP89\A0012998.exe\[Upack]" file.
4/18/2006 9:25:08 PM SYSTEM 1868 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP89\A0012998.exe\[Upack]" file.
4/18/2006 9:08:40 PM Scuba Steve 1848 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\LMC118Y5\srvoap[1].exe\[UPX]" file.
4/18/2006 8:13:55 PM Scuba Steve 1848 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP89\A0012998.exe\[Upack]" file.
4/18/2006 7:49:52 PM Scuba Steve 1848 Sign of "Win32:Dialer-520 [Trj]" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\srvpyv[1].exe\[UPX]" file.
4/18/2006 2:18:27 PM SYSTEM 1264 Sign of "Win32:Dialer-520 [Trj]" has been found in "http://www.impotato....p?m=1&b=779&c=5\[UPX]" file.
4/18/2006 1:26:20 PM Scuba Steve 376 Sign of "Win32:Dialer-520 [Trj]" has been found in "http://www.impotato....p?m=1&b=779&c=4\[UPX]" file.
4/18/2006 1:26:19 PM Scuba Steve 376 Sign of "Win32:Trojano-3295 [Trj]" has been found in "http://85.255.113.214/1/gdnUS2339.exe\[Yoda]" file.
4/18/2006 1:26:06 PM Scuba Steve 376 Sign of "Win32:Zlob-BM [Trj]" has been found in "C:\WINDOWS\system32\mssearchnet.exe\[Upack]" file.
4/18/2006 1:24:53 PM Scuba Steve 376 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\nvctrl.exe\[Upack]" file.
4/18/2006 5:00:09 AM Scuba Steve 1392 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temp\win1F.tmp" file.
4/18/2006 4:48:03 AM Scuba Steve 1392 Sign of "Win32:Dialer-520 [Trj]" has been found in "http://www.impotato....p?m=1&b=779&c=5\[UPX]" file.
4/18/2006 4:43:58 AM Scuba Steve 1392 Sign of "Win32:Dialer-520 [Trj]" has been found in "http://www.impotato....p?m=1&b=779&c=3\[UPX]" file.
4/18/2006 4:43:02 AM Scuba Steve 1392 Sign of "Win32:Trojano-3295 [Trj]" has been found in "http://85.255.113.214/1/gdnUS2339.exe\[Yoda]" file.
4/18/2006 4:42:01 AM Scuba Steve 1392 Sign of "Win32:Zlob-BM [Trj]" has been found in "C:\WINDOWS\system32\mssearchnet.exe\[Upack]" file.
4/18/2006 4:41:51 AM Scuba Steve 1392 Sign of "Win32:Dialer-520 [Trj]" has been found in "http://www.impotato....p?m=1&b=779&c=2\[UPX]" file.
4/18/2006 4:41:48 AM Scuba Steve 1392 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\nvctrl.exe\[Upack]" file.
4/18/2006 4:38:02 AM SYSTEM 1528 Sign of "Win32:PurityScan-N [Trj]" has been found in "C:\DOCUME~1\SCUBAS~1\LOCALS~1\Temp\mshtml3.exe\[UPX]" file.
4/18/2006 4:37:35 AM SYSTEM 1528 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\Scuba Steve\Local Settings\Temporary Internet Files\Content.IE5\P099VJY2\winz32[1].exe" file.
4/18/2006 4:37:31 AM SYSTEM 1528 Sign of "Win32:Trojan-gen. {Other}" has been found in "http://contents.exet....php?m=1&b=779" file.
4/18/2006 4:37:14 AM SYSTEM 1528 Sign of "Win32:Dialer-520 [Trj]" has been found in "http://www.impotato....x.php?m=1&b=779\[UPX]" file.
4/18/2006 4:36:59 AM SYSTEM 1528 Sign of "Win32:Dialer-521 [Trj]" has been found in "http://impotato.com/...446262&v=17&I=0\[UPX]" file.

-----

Also I noticed something called "HIJACKTHIS" & downloaded it & ran it, hopefully I ran it right, but here is the log for that:

Logfile of HijackThis v1.99.1
Scan saved at 5:56:45 AM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} (XMRADIO.XM_SystemProfiler) - http://xmro.xmradio..../xmprofiler.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi Stevvvvvvve

Welcome to G2G!

* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update; click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • If you cannot download the updates, update manually according to the directions here.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop

* Restart back into Windows normally now.


* Come back here and post a new HijackThis log, as well as the log from the Ewido scan.

#3
Stevvvvvvve

  • Topic Starter
  • Member
  • 21 posts
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:24:26 PM, 4/19/2006
+ Report-Checksum: 93273A36

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Adware.PurityScan : Cleaned with backup
:mozilla.16:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.17:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.45:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.46:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.47:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.48:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.49:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.50:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.51:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.53:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.59:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.62:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.69:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.80:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.81:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.82:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.83:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.90:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.91:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.92:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.93:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.94:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.95:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.96:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.98:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.114:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.115:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.117:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.118:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.119:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.120:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.121:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.122:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.123:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.127:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.128:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.129:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.130:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.131:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.132:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.133:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.134:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.135:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.136:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.137:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.138:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.141:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.143:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.146:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.147:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.148:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.149:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.150:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.168:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.172:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.173:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.174:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.175:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.182:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.183:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.184:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.188:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.189:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.193:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.194:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.195:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.196:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.197:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.198:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.199:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.215:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.219:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.220:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.221:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.222:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.223:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.224:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.225:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.226:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.234:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.244:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.245:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.246:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.247:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.250:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.251:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.260:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.262:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.263:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.264:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.265:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.266:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.267:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.268:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.278:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.279:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.280:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.281:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.284:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.285:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.286:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.287:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.288:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.296:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.314:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.315:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.317:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.318:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.344:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.345:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.367:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.376:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.377:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.378:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.379:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.401:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.402:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.417:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.418:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.427:C:\Documents and Settings\KT\Application Data\Mozilla\Firefox\Profiles\eay22mu2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Scuba Steve\Application Data\Mozilla\Firefox\Profiles\ldi5wa62.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Scuba Steve\Application Data\Mozilla\Firefox\Profiles\ldi5wa62.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Scuba Steve\Application Data\Mozilla\Firefox\Profiles\ldi5wa62.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Scuba Steve\Application Data\Mozilla\Firefox\Profiles\ldi5wa62.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Scuba Steve\Application Data\Mozilla\Firefox\Profiles\ldi5wa62.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Scuba Steve\Application Data\Mozilla\Firefox\Profiles\ldi5wa62.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Scuba Steve\Application Data\Mozilla\Firefox\Profiles\ldi5wa62.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\system32\1024\ld3D4D.tmp -> Not-A-Virus.Hoax.Win32.Renos.cc : Cleaned with backup
C:\WINDOWS\system32\ld5B96.tmp -> Downloader.Zlob.ju : Cleaned with backup
C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.bt : Cleaned with backup
C:\WINDOWS\system32\winzwr32.dll.delete -> Trojan.Agent.qt : Cleaned with backup


::Report End

-----

Logfile of HijackThis v1.99.1
Scan saved at 2:27:40 PM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} (XMRADIO.XM_SystemProfiler) - http://xmro.xmradio..../xmprofiler.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • 0

#4
Stevvvvvvve

    Member

  • Topic Starter
  • 21 posts
Here's a log from an Adware scan I ran also. I thought I had gotten rid of that Spywarequake junk but evidently not.

ArchiveData(auto-quarantine- 2006-04-19 14-56-31.bckp)
Referencefile : SE1R104 18.04.2006
======================================================

SPYWAREQUAKE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}
obj[1]=Folder : C:\Program Files\SpywareQuake.com
  • 0

#5
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Run Hijack This again and put a check by this entry. Close ALL windows except HijackThis and click "Fix checked"

O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)


* Restart your computer.


* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

Post a new HiJackThis log along with the results from ActiveScan
  • 0
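The triage behind the step above, as an added Python example (not code from the thread or from HijackThis): it sorts the log's "(file missing)" entries into ones whose image appears under "Running processes" (so the file exists and the flag is unreliable) and true orphans, then checks orphans against a scanner's cleaned-file list. The verdict labels and function names are this example's own, and the two inputs are trimmed excerpts of the logs posted in this thread.

```python
import re
from ntpath import basename  # Windows path rules regardless of host OS

# Excerpts from the HijackThis and ewido logs posted in this thread (trimmed).
HJT_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""
EWIDO_REPORT = r"""C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.bt : Cleaned with backup
C:\WINDOWS\system32\winzwr32.dll.delete -> Trojan.Agent.qt : Cleaned with backup
"""

ENTRY = re.compile(r"^(O\d+|R[0-3]|F[0-3]|N[1-4]) - (.+)$")
# Full path up to the first .exe/.dll, or a bare file name such as winzwr32.dll.
IMAGE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll)|[^\\/"\s]+\.(?:exe|dll))', re.I)
CLEANED = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : Cleaned")


def running_processes(log):
    """Return the lower-cased image paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log.splitlines():
        if line.startswith("Running processes:"):
            in_block = True
        elif in_block:
            if not line.strip():
                break  # a blank line ends the process list
            procs.add(line.strip().lower())
    return procs


def cleaned_files(report):
    """Map the lower-cased base name of each cleaned file to its detection name."""
    cleaned = {}
    for line in report.splitlines():
        m = CLEANED.match(line)
        if m:
            cleaned[basename(m["path"]).lower()] = m["name"]
    return cleaned


def triage_missing(log, report=""):
    """Classify every '(file missing)' entry in a HijackThis log."""
    procs = running_processes(log)
    cleaned = cleaned_files(report)
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m or not line.rstrip().endswith("(file missing)"):
            continue
        section, body = m.groups()
        entry, _, tail = body.rpartition(" - ")
        img = IMAGE.search(tail)
        image = (img.group(1) if img else tail.replace("(file missing)", "").strip()).lower()
        detection = None
        if image in procs:
            # The image is running, so it exists on disk; the stray quote and
            # arguments in the logged path are the likelier reason for the flag.
            verdict = "exists-running"
        else:
            # Registry entry pointing at a file that is gone. If a scanner cleaned
            # a file with the same base name, that explains the leftover entry.
            verdict = "orphan"
            name = basename(image)
            detection = next((d for f, d in cleaned.items() if f.startswith(name)), None)
        findings.append({"section": section, "entry": entry, "image": image,
                         "verdict": verdict, "detection": detection})
    return findings


if __name__ == "__main__":
    for finding in triage_missing(HJT_LOG, EWIDO_REPORT):
        print(finding)
```
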

#6
Stevvvvvvve

    Member

  • Topic Starter
  • 21 posts
I went to the site you said for the scan & while I was installing the ACTIVEX my AVAST popped up. Here is the log entry:

4/19/2006 8:22:43 PM SYSTEM 416 Sign of "Win32:CTX" has been found in "http://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL" file.

I aborted the connection.
  • 0

#7
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
That is a false positive by Avast. I would have thought they would have fixed that by now. Run this one:

* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
  • 0

#8
Stevvvvvvve

    Member

  • Topic Starter
  • 21 posts
For some reason on the on-line scan it said that it skipped the 5 files for some odd reason.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, April 20, 2006 8:19:59 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 20/04/2006
Kaspersky Anti-Virus database records: 189070
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 82425
Number of viruses found: 5
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 00:46:52

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0014658.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0014659.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0014660.exe Infected: Trojan-Downloader.Win32.PurityScan.bt skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP89\A0013006.dll Infected: not-virus:Hoax.Win32.Renos.cc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP99\A0014246.dll Infected: Trojan.Win32.Agent.qt skipped

Scan process completed.

-----

Logfile of HijackThis v1.99.1
Scan saved at 8:23:24 AM, on 4/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} (XMRADIO.XM_SystemProfiler) - http://xmro.xmradio..../xmprofiler.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • 0

#9
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
All those files the Kaspersky scan found are in System Restore. We will clear those by turning off System Restore after I am sure we have cleaned everything else.


How is your computer running now?


Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.
  • 0
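The observation in the post above, as an added Python example (not code from the thread or from Kaspersky): it parses the scanner's result lines, separates detections inside System Restore points from detections on the live file system, and checks whether each restore-point detection belongs to a family the earlier ewido scan already cleaned. The `family()` name matching is this example's own heuristic, since the two vendors name detections differently, and `CONSTRUCTED_LIVE_LINE` is a made-up line for contrast.

```python
import re
from collections import defaultdict

# Result lines from the Kaspersky report posted in this thread.
KASPERSKY_REPORT = r"""C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0014658.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0014659.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0014660.exe Infected: Trojan-Downloader.Win32.PurityScan.bt skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP89\A0013006.dll Infected: not-virus:Hoax.Win32.Renos.cc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP99\A0014246.dll Infected: Trojan.Win32.Agent.qt skipped
"""
# Constructed line (not from the thread): the same detection outside System Restore.
CONSTRUCTED_LIVE_LINE = r"C:\WINDOWS\Temp\constructed-sample.exe Infected: Trojan.Win32.Agent.qt skipped" + "\n"

# Detection names from the ewido report earlier in this thread ("Cleaned with backup").
EWIDO_CLEANED = [
    "Not-A-Virus.Downloader.Win32.DigStream", "Adware.MediaTickets",
    "Not-A-Virus.Hoax.Win32.Renos.cc", "Downloader.Zlob.ju",
    "Downloader.PurityScan.bt", "Trojan.Agent.qt",
]

ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(\d+)\\", re.I)
# Class and platform tokens dropped before comparing names (heuristic, an assumption).
GENERIC = {"not-a-virus", "not-virus", "win32", "trojan", "downloader",
           "trojan-downloader", "adware", "hoax"}


def family(name):
    """Reduce a vendor detection name to its family token, e.g. 'agent'."""
    tokens = [t for t in re.split(r"[.:]", name.lower()) if t and t not in GENERIC]
    return tokens[0] if tokens else ""


def parse_report(report):
    """Parse 'path Infected: name action' rows and tag restore-point copies."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        rp = RESTORE.search(m["path"])
        rows.append({"path": m["path"], "name": m["name"], "action": m["action"],
                     "restore_point": int(rp.group(1)) if rp else None,
                     "family": family(m["name"])})
    return rows


def assess(rows, cleaned_names):
    """Summarise where detections live and whether restore copies are already known."""
    known = {family(n) for n in cleaned_names}
    by_rp = defaultdict(list)
    for r in rows:
        if r["restore_point"] is not None:
            by_rp[r["restore_point"]].append(r["family"])
    return {
        # Anything here is still on the live file system and needs cleaning first.
        "live": [r["path"] for r in rows if r["restore_point"] is None],
        "restore_points": dict(by_rp),
        # Restore-point detections with no matching cleaned family deserve a closer look.
        "unmatched": [r["name"] for r in rows
                      if r["restore_point"] is not None and r["family"] not in known],
        # True when purging System Restore would remove every remaining detection.
        "restore_only": bool(rows) and all(r["restore_point"] is not None for r in rows),
    }


if __name__ == "__main__":
    print(assess(parse_report(KASPERSKY_REPORT), EWIDO_CLEANED))
    print(assess(parse_report(KASPERSKY_REPORT + CONSTRUCTED_LIVE_LINE), EWIDO_CLEANED))
```
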

#10
Stevvvvvvve

    Member

  • Topic Starter
  • 21 posts
My PC seems to be running just fine. I haven't really been on the last day & a half very much but overall it seems fine. Here is the HJT log:

Acoustica CD/DVD Label Maker
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Photoshop 7.0
Adobe Reader 6.0.1
Alchemy 1.2
AnyDVD
AOL Instant Messenger
AOLIcon
AstroPop Deluxe 1.0
Atomica Deluxe 2.52
avast! Antivirus
Azureus
Bejeweled Deluxe 1.861
Big Money Deluxe 1.22
BookWorm Deluxe 1.02
Cake Mania
Canon PIXMA iP6000D
CleanUp!
Codec Pack - All In 1 6.0.3.0
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
CursorXP
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support 3.1
Digital Content Portal
Digital Line Detect
DVD Region+CSS Free 5.9.7.6
DVD Shrink 3.2
Dynomite Deluxe 2.71
EducateU
ELIcon
ESPNMotion
ewido anti-malware
GemMaster Mystic
Google AFE
Google Gmail Notifier
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky On-line Scanner
LimeWire PRO 4.10.5
LogonStudio
Macromedia Flash Player 8
MCU
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
mIRC
Modem Helper
Mozilla Firefox (1.5.0.2)
Mummy Maze Deluxe 1.1
Nero 7 Ultra Edition
NetWaiting
NingPo MahJong Deluxe 1.04
Noah's Ark Deluxe 1.1
Otto
PowerDVD 5.5
QuickTime
Rainlendar (remove only)
Rocket Mania 1.01
Roxio Easy Media Creator 8 Suite
Sandlot Games Client Services
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Seven Seas Deluxe 1.13
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy 1.4
TagScanner 4.9 build 492
TipTop Deluxe 1.1
TuneUp Utilities 2006
Typer Shark Deluxe 1.01
Ulead GIF Animator 5
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WindowBlinds
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
WinRAR archiver
WordPerfect Office 12
Yahoo! Widget Engine
Yahoo! Widget Engine
ZoneAlarm
Zuma Deluxe 1.0

#11
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Add/Remove programs and uninstall these:

J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Viewpoint Media Player



* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

#12
Stevvvvvvve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Ok, all taken care of. Any more logs you want me to post or anything like that?

#13
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
That's it. :whistling:

#14
Stevvvvvvve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Sweet. Thanks a lot man!

#15
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





