
vundo trojan, pop-ups galore!



#1
upinout

I've been having a problem with vundo and pop-ups for about a week now.

I've run spybot, adaware and pest-patrol, all to no effect. Each time I reboot, the problems just come right back.

I've also used the Vundofix tool that is available for download. It finds 4 files each time, and I click "remove vundo" and then the system reboots, but the files are still there when I reboot.

Several times a day my anti-virus (Norton) pops up all by itself with a message that it has found and deleted the Vundo virus. These messages usually come in groups of 3 back-to-back messages.

I've tried manually deleting files, but that seems to have no effect either. I've found a temporary fix for the pop-ups, which is selecting "manage add-ons" in "tools" on explorer and disabling several BHOs, but when I reboot the system, those files are of course re-enabled too.

I'm starting to think my only option is to format my hard drive and get a fresh start, at the loss of a couple hundred gigabytes of data I have saved. (I have a 400GB drive that is almost full)

I really would appreciate any help I can get at this point. Below is a log from HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 11:58:03 AM, on 12/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\clipboard.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Christopher\Desktop\VundoFix.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Christopher\Desktop\Hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\pylbgoef.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [clipboard.exe] C:\WINDOWS\system32\clipboard.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


If anyone can help me, you have my sincerest thanks!
  • 0



#2
MFDnSC

Right click hijackthis.exe = rename it to G2G.exe (Some things hide from hijack)

Do not run vundo again

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\pylbgoef.dll",setvm

O4 - HKCU\..\Run: [clipboard.exe] C:\WINDOWS\system32\clipboard.exe

DownLoad http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\pylbgoef.dll
C:\WINDOWS\system32\clipboard.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log


Please give feedback on what worked/didn’t work and the current status of your system
  • 0
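Post #2 ends by asking for a new HijackThis log after the cleanup. The following Python is an added example, not part of the thread and not a HijackThis or Geeks to Go tool: it compares the `O4` Run-key lines of two logs, confirms that the entries marked for fixing are gone, and lists any autorun that was not in the first log. The function names and the follow-up log are assumptions of this example; the DLL name in `AFTER_LOG` is constructed.

```python
import re
from typing import NamedTuple

# Only the "O4 - HKxx\..\Run: [name] command" form shown in the thread is parsed.
_O4 = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\([^:\]]+): \[([^\]]*)\] (.+)$')
# First path ending in .exe/.dll; works for quoted and unquoted commands.
_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)(?![\w.])', re.I)
# Command whose launcher is rundll32, i.e. the autorun loads a DLL export.
_RUNDLL = re.compile(r'"?(?:[^"\s]*\\)?rundll32(?:\.exe)?(?=["\s]|$)', re.I)


class Autorun(NamedTuple):
    hive: str     # HKLM or HKCU
    key: str      # Run, RunOnce, ...
    name: str     # registry value name shown in [brackets]
    command: str  # command line stored in the value

    @property
    def target(self):
        """Lower-cased path of the file the entry starts, or None."""
        m = _PATH.search(self.command)
        return m.group(0).lower() if m else None

    @property
    def via_rundll32(self):
        return bool(_RUNDLL.match(self.command))


def parse_o4(log_text):
    """Return every Run-key O4 entry found in a HijackThis log."""
    out = []
    for line in log_text.splitlines():
        m = _O4.match(line.strip())
        if m:
            out.append(Autorun(*m.groups()))
    return out


def _file(e):
    return e.target or e.command.lower()


def _ident(e):
    return (e.hive, e.key.lower(), e.name.lower(), _file(e))


def verify_fix(before_log, after_log, fixed_lines):
    """Compare two logs against the list of O4 lines that were fixed."""
    before = {_ident(e) for e in parse_o4(before_log)}
    after = parse_o4(after_log)
    after_files = {_file(e) for e in after}
    report = {"removed": [], "still_present": [], "new": []}
    for e in parse_o4("\n".join(fixed_lines)):
        # A file that is still autostarted counts as present even if the
        # registry value was re-created under another name.
        bucket = "still_present" if _file(e) in after_files else "removed"
        report[bucket].append(e)
    report["new"] = [e for e in after if _ident(e) not in before]
    return report


# O4 lines copied from the log in post #1.
BEFORE_LOG = r'''
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\pylbgoef.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [clipboard.exe] C:\WINDOWS\system32\clipboard.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
'''

# Constructed follow-up log: both fixed entries are gone, but the same value
# name now points at a different DLL (example1.dll is a made-up name).
AFTER_LOG = r'''
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\example1.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
'''

# The two entries post #2 says to fix.
FIXED = [
    r'O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\pylbgoef.dll",setvm',
    r'O4 - HKCU\..\Run: [clipboard.exe] C:\WINDOWS\system32\clipboard.exe',
]

if __name__ == "__main__":
    result = verify_fix(BEFORE_LOG, AFTER_LOG, FIXED)
    for bucket, entries in result.items():
        for e in entries:
            how = " (loaded via rundll32)" if e.via_rundll32 else ""
            print(f"{bucket:13} {e.hive}\\{e.key} [{e.name}] {e.target}{how}")
```

A non-empty `new` list after a reboot means something re-registered an autorun, which matches the "comes right back" symptom described in post #1.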

#3
upinout

Thanks for the response..

However, before you had responded to my initial request, I had already downloaded AVG, booted to safe mode and did a full scan. Here are the results of that scan;

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:44:51 PM 12/16/2006

+ Scan result:



C:\VundoFix Backups\igeby54.dll.bad -> Adware.Zelda : Cleaned with backup (quarantined).
C:\WINDOWS\system32\abccd65.dll -> Adware.Zelda : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hgeed24.dll -> Adware.Zelda : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vspli41.dll -> Adware.Zelda : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ytojg18.dll -> Adware.Zelda : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dlsbk65.dll -> Downloader.ConHook.al : Cleaned with backup (quarantined).
C:\WINDOWS\system32\oerhw41.dll -> Downloader.ConHook.al : Cleaned with backup (quarantined).
C:\0.exe -> Downloader.Small.bwy : Cleaned with backup (quarantined).
:mozilla.10:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.429:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.540:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.564:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.749:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.802:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.807:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.906:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00368268.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00368455.TXT -> TrackingCookie.Adbrite : Cleaned.
:mozilla.104:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.105:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.99:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.173:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.710:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.405:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.66:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.67:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\RECYCLER\NPROTECT\00368259.TXT -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Christopher\Cookies\christopher@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\RECYCLER\NPROTECT\00368278.TXT -> TrackingCookie.Cpvfeed : Cleaned.
C:\RECYCLER\NPROTECT\00368472.TXT -> TrackingCookie.Cpvfeed : Cleaned.
C:\RECYCLER\NPROTECT\00368473.TXT -> TrackingCookie.Cpvfeed : Cleaned.
C:\RECYCLER\NPROTECT\00368474.TXT -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.73:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.824:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Epilot : Cleaned.
:mozilla.142:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.143:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.144:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.146:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.147:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.149:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.163:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.204:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.205:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.208:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.255:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.256:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.314:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.325:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.326:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.327:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.342:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.343:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.344:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.345:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.346:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.371:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.372:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.373:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.374:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.375:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.376:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.377:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.378:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.379:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.410:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.411:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.412:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.413:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.425:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.426:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.470:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.471:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.472:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.483:F:\Old Hard Drive\Owner\Application Data\Mozilla\Firefox\Profiles\y55dtb9s.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\WINDOWS\system32\clipboard.exe -> Worm.VB.dy : Cleaned with backup (quarantined).


::Report end

___________________________________

After that scan had completed, I came back here and saw your response. I did the killbox stuff as you instructed, then I did another scan with AVG, except the second time I did the 2nd scan option, where it only scanned cookies and system files (that first full scan took nearly 4 hours).

Here is the log from the second, smaller scan:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:17:57 PM 12/16/2006

+ Scan result:



C:\Documents and Settings\Christopher\Cookies\christopher@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Christopher\Cookies\christopher@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Christopher\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

_________________

Lastly, here is a new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:21:24 PM, on 12/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christopher\Desktop\Hijack this\G2G.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10543EEF-2332-4717-9917-4C4DA395C07E} - C:\WINDOWS\system32\pmkjg.dll
O2 - BHO: (no name) - {2D3061AC-71D1-4CF3-879D-94E3C2DE82F9} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\rplxylwx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A3890A7C-C6F0-479A-A0C7-03ABD4B49282} - C:\WINDOWS\system32\jkkli.dll (file missing)
O2 - BHO: (no name) - {B10178FF-AC2C-4c41-8238-3965D2642F29} - C:\WINDOWS\system32\oerhw41.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D51E8810-C44A-443A-A352-E3AF02639829} - C:\WINDOWS\system32\vxadf25.1
O2 - BHO: (no name) - {FC7CA77E-B4B7-4780-A33E-1EDC82C7845A} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: oerhw - oerhw41.dll (file missing)
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

_______________________

On a final note, I'm still getting pop-ups (I got one just coming to this site right now).

Any further instructions?

#4
MFDnSC

  • Banned
  • 1,137 posts
Please download http://www.atribune..../click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shut down your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

#5
upinout

    New Member

  • Topic Starter
  • Member
  • 4 posts
VundoFix log:

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.6

Scan started at 10:04:51 AM 12/12/2006

Listing files found while scanning....

C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\vxadf25.dll
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\awvvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vxadf25.dll
C:\WINDOWS\system32\vxadf25.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.6

Scan started at 11:07:45 AM 12/15/2006

Listing files found while scanning....

C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\igeby54.dll
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\igeby54.dll
C:\WINDOWS\system32\igeby54.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilkkj.bak1
C:\WINDOWS\system32\ilkkj.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.6

Scan started at 11:49:52 AM 12/16/2006

Listing files found while scanning....

C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\vtsqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.6

Scan started at 7:07:11 PM 12/16/2006

Listing files found while scanning....

C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjkmp.bak1
C:\WINDOWS\system32\gjkmp.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

______________________________

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:29:03 PM, on 12/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Christopher\Desktop\Hijack this\G2G.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10543EEF-2332-4717-9917-4C4DA395C07E} - C:\WINDOWS\system32\pmkjg.dll (file missing)
O2 - BHO: (no name) - {2D3061AC-71D1-4CF3-879D-94E3C2DE82F9} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\rplxylwx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A3890A7C-C6F0-479A-A0C7-03ABD4B49282} - C:\WINDOWS\system32\jkkli.dll (file missing)
O2 - BHO: (no name) - {B10178FF-AC2C-4c41-8238-3965D2642F29} - C:\WINDOWS\system32\oerhw41.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D51E8810-C44A-443A-A352-E3AF02639829} - C:\WINDOWS\system32\vxadf25.1
O2 - BHO: (no name) - {FC7CA77E-B4B7-4780-A33E-1EDC82C7845A} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: oerhw - oerhw41.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

______________________
No pop-ups so far.. Is there anything else I should do?

*edited to add that after I posted this my anti-virus came up with a warning that it found and removed the vundo virus

** one more edit to say that I am still getting pop-ups

Edited by upinout, 16 December 2006 - 07:35 PM.

  • 0
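The three VundoFix scans quoted in the post above list a different set of file names each time, and within each scan the .ini/.bak stems are the .dll stem spelled backwards (jkkli.dll with ilkkj.ini, and so on). The following is an added example, not part of the original post or of VundoFix, that parses such a log and groups the files on that basis; the sample is condensed from the scans above, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample: condensed from the VundoFix scans quoted in the post above.
VUNDOFIX_LOG = r"""
Scan started at 11:07:45 AM 12/15/2006
Listing files found while scanning....
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\igeby54.dll
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.bak1
Beginning removal...
Scan started at 11:49:52 AM 12/16/2006
Listing files found while scanning....
C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2
Beginning removal...
Scan started at 7:07:11 PM 12/16/2006
Listing files found while scanning....
C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.bak1
Beginning removal...
"""


def scans(log):
    """Return {scan timestamp: [file names listed before removal began]}."""
    result, current, listing = {}, None, False
    for line in log.splitlines():
        line = line.strip()
        m = re.match(r"Scan started at (.+)$", line)
        if m:
            current, listing = m.group(1), False
            result[current] = []
        elif line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
        elif listing and current and re.match(r"[A-Za-z]:\\", line):
            result[current].append(ntpath.basename(line).lower())
    return result


def group_by_stem(files):
    """Pair each .dll with the data files whose stem is the dll stem reversed."""
    dlls = [f for f in files if f.endswith(".dll")]
    others = [f for f in files if not f.endswith(".dll")]
    groups = {}
    for dll in dlls:
        stem = ntpath.splitext(dll)[0]
        groups[dll] = [f for f in others if ntpath.splitext(f)[0] == stem[::-1]]
    return groups


def recurring_names(log):
    """File names seen in more than one scan; empty means the names change every time."""
    seen, repeats = set(), set()
    for files in scans(log).values():
        repeats |= seen & set(files)
        seen |= set(files)
    return repeats


if __name__ == "__main__":
    for when, files in scans(VUNDOFIX_LOG).items():
        print(when, group_by_stem(files))
    print("names seen in more than one scan:", recurring_names(VUNDOFIX_LOG))
```

An empty result from `recurring_names` means a file-name blocklist built from one scan would not match the next one, which is consistent with the files "coming back" under new names after each reboot.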

#6
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: (no name) - {10543EEF-2332-4717-9917-4C4DA395C07E} - C:\WINDOWS\system32\pmkjg.dll (file missing)

O2 - BHO: (no name) - {2D3061AC-71D1-4CF3-879D-94E3C2DE82F9} - C:\WINDOWS\system32\awvvt.dll (file missing)

O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\rplxylwx.dll

O2 - BHO: (no name) - {A3890A7C-C6F0-479A-A0C7-03ABD4B49282} - C:\WINDOWS\system32\jkkli.dll (file missing)

O2 - BHO: (no name) - {B10178FF-AC2C-4c41-8238-3965D2642F29} - C:\WINDOWS\system32\oerhw41.dll (file missing)

O2 - BHO: (no name) - {D51E8810-C44A-443A-A352-E3AF02639829} - C:\WINDOWS\system32\vxadf25.1

O2 - BHO: (no name) - {FC7CA77E-B4B7-4780-A33E-1EDC82C7845A} - C:\WINDOWS\system32\vtsqo.dll (file missing)

O20 - Winlogon Notify: oerhw - oerhw41.dll (file missing)

Download http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\rplxylwx.dll
C:\WINDOWS\system32\vxadf25.1


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
  • 0

#7
upinout

upinout

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Latest HijackThis log:
____________________________
Logfile of HijackThis v1.99.1
Scan saved at 8:01:10 PM, on 12/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Christopher\Desktop\Hijack this\G2G.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\aygtnpif.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AF8A588A-6A89-4336-A161-E19229238EA4} - C:\WINDOWS\system32\awtqo.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • 0

#8
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Run Vundofix again

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\aygtnpif.dll

O2 - BHO: (no name) - {AF8A588A-6A89-4336-A161-E19229238EA4} - C:\WINDOWS\system32\awtqo.dll

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll

Download http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\aygtnpif.dll


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
  • 0
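The O2 and O20 lines picked out in the two fix lists above share a few visible traits: unnamed BHOs sitting directly in system32, targets marked "(file missing)", a BHO target that is not a .dll, and a Winlogon Notify DLL that is also registered as a BHO. The following is an added example, not part of the original posts or of HijackThis, that applies those traits to lines copied from the two logs in this thread and reports which BHO CLSID kept its registration under a new file name between scans; the rules are assumptions drawn from these logs, not a general verdict, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample: O2/O20 lines copied from the two HijackThis logs in this thread.
LOG_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10543EEF-2332-4717-9917-4C4DA395C07E} - C:\WINDOWS\system32\pmkjg.dll (file missing)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\rplxylwx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D51E8810-C44A-443A-A352-E3AF02639829} - C:\WINDOWS\system32\vxadf25.1
O20 - Winlogon Notify: oerhw - oerhw41.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\aygtnpif.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AF8A588A-6A89-4336-A161-E19229238EA4} - C:\WINDOWS\system32\awtqo.dll
O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
                r" - (?P<path>.+?)(?P<missing> \(file missing\))?$")
O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?)"
                 r" - (?P<path>.+?)(?P<missing> \(file missing\))?$")


def parse(log):
    """Extract O2 (BHO) and O20 (Winlogon Notify) entries as dicts."""
    entries = []
    for line in log.splitlines():
        for kind, rx in (("O2", O2), ("O20", O20)):
            m = rx.match(line.strip())
            if m:
                d = m.groupdict()
                entries.append({"kind": kind, "name": d["name"], "clsid": d.get("clsid"),
                                "path": d["path"], "missing": d["missing"] is not None})
    return entries


def reasons(entry, all_entries):
    """Review reasons for one entry (assumed heuristics, see lead-in)."""
    out = []
    folder = ntpath.dirname(entry["path"]).lower()
    base = ntpath.basename(entry["path"]).lower()
    if entry["missing"]:
        out.append("target file missing")
    if entry["kind"] == "O2":
        if entry["name"] == "(no name)" and folder.endswith(r"\system32"):
            out.append("unnamed BHO in system32")
        if not base.endswith(".dll"):
            out.append("BHO target is not a .dll")
    elif any(e["kind"] == "O2" and ntpath.basename(e["path"]).lower() == base
             for e in all_entries):
        out.append("same DLL also registered as BHO")
    return out


def triage(log):
    """Return (kind, file name, reasons) for every entry with a review reason."""
    entries = parse(log)
    scored = [(e["kind"], ntpath.basename(e["path"]), reasons(e, entries)) for e in entries]
    return [item for item in scored if item[2]]


def renamed_clsids(before, after):
    """BHO CLSIDs present in both logs whose target path changed between scans."""
    old = {e["clsid"].upper(): e["path"] for e in parse(before) if e["kind"] == "O2"}
    out = {}
    for e in parse(after):
        key = (e["clsid"] or "").upper()
        if e["kind"] == "O2" and key in old and old[key].lower() != e["path"].lower():
            out[key] = (ntpath.basename(old[key]), ntpath.basename(e["path"]))
    return out
```

On these samples `renamed_clsids(LOG_BEFORE, LOG_AFTER)` reports that CLSID {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} moved from rplxylwx.dll to aygtnpif.dll, so tracking the CLSID across scans is more stable than tracking the file name.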





