[Elite[sS]]

Today, I was trying to disable all my startup programs, and when I entered "msconfig" into Run, it open a window as usual and it said that something wasnt selected (sorry can't remember exactly) but now my computer has Windows 98 features like the crappy effects and looks unlike windows XP. Does anyone know how to fix this problem?

[Advertisements]

Hello, Elite[sS].

Were you trying to disable all your stuff in msconfig due to malware? If so, please re-enable everything in msconfig, reboot, and follow the instructions in This thread.

Then post a fresh Hijackthis log in this post.

If it is NOT malware related, please let me know.

[OwNt]

Hello, Elite[sS].

Were you trying to disable all your stuff in msconfig due to malware? If so, please re-enable everything in msconfig, reboot, and follow the instructions in This thread.

Then post a fresh Hijackthis log in this post.

If it is NOT malware related, please let me know.

[Elite[sS]]

Hey OwNt,

Everytime I would boot up my computer, MSN Messenger would run itself, so when I was browsing your site I found how to disable startup programs. I have done it before. but this time when I typed 'msconfig' into run (then hit enter) it opened the window as usual but another window popped up saying that something was unchecked, and this happened before I made any changes. I'm not sure if its Melware or not, but I couldn't find anywhere else to post my problem. Other problems I have been experiencing are...

- Printer won't work
- Sound won't work
- Windows 98 features have enabled themselves although I had Windows XP

Here is the HiJackThis log

Logfile of HijackThis v1.99.1
Scan saved at 6:31:41 PM, on 10/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\Documents and Settings\Dylan Cuccaro\Desktop\Dylan's Folder\Windows XP\XP Fix\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = † Internet Explorer †
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Defender\Defender Pro 2005\kav.exe /minimize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windoxs Update Center] yrt.exe
O4 - HKCU\..\Run: [strtas] lockx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128200660843
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\Program Files\NetExchange Pro3.0\FlowHook.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Defender\Defender Pro 2005\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Thanks, Elite[sS].

[OwNt]

Hello, Elite[sS].

Please follow the instructions provided, you may want to print out these instructions or save them to notepad and use them as a reference.

The location you have Hijackthis in is XP Fix, please make sure Hijackthis is the only program in that folder.

Please download AimFix from Here.
Save it somewhere you will remember, like your desktop.

Go ahead and run AimFIX, then reboot your computer.

• After that, please go HERE to run Housecall.
• Note: you must use Internet Explorer, other browsers will not work.
• Under "Scan your PC", please click Scan now. It's free!
• Select your location and click the Go button.
• Click the red magnifying glass button.
• Select Complete Scan.
• Please be patient while Housecall downloads.
• Please allow the ActiveX Control and when prompted click install
• Put a check next to My Computer
• Leave the following checked:
  • Scan for Spyware
    Check security vulnerabilities
• Click the Next button.
• It will download the latest scan engine and pattern files.
• When the definitions have been downloaded, the scan will start.
• After it's done scanning it will take you to the summary page.
• Click the Next button.
• Click the drop-down to choose delete or remove on each bad guy found, if you receive a prompt click OK.
• Click the Next button to move onto the recovery (final) portion of the scan.
• After everything has been removed, please click the show button on everything.
• Highlight all the of text and press CTRL + C to copy the text.
• Please post the contents into your next reply.

Also, please download ewido security suite it is a free version of the program.

• Install ewido security suite
• When installing, under "Additional Options" uncheck..
  • Install background guard
  • Install scan via context menu
• Launch ewido, there should be an icon on your desktop, double-click it.
• The program will now open to the main screen.
• When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  
• You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
• The update will start and a progress bar will show the updates being installed.
  (the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

• Click on scanner
• Click on Complete System Scan and the scan will begin.
• You will be prompted to clean the first infection.
• Select "Perform action on all infections", then proceed.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

Please remember to post back the logs from Ewido, Housecall.

[Elite[sS]]

Ok done!

AimFix Scan Results Below

1.3.831.2037
Setting security privileges for AIMfix...
First, closing any running copies of AOL Instant Messenger (aim.exe):
***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***
Registry key "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\strtas" removed
***RUN COMPLETED. ANY FILES REMOVED LISTED ABOVE***




HouseCall Scan Results Below


Results:
We have detected 5 infected file(s) with 5 virus(es) on your computer. Only 0 out of 0 infected files are displayed: - 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 5 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken
C:\Documents and Settings\Dylan Cuccaro\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-5f6d113c.zip
- javainstaller\InstallerApplet.class JAVA_BYTEVER.R Deletion successful
C:\Documents and Settings\Dylan Cuccaro\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-29abf557.zip
- javainstaller\InstallerApplet.class JAVA_BYTEVER.R Deletion successful
C:\Documents and Settings\Kathy Cuccaro\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-76822bf4.zip
- javainstaller\InstallerApplet.class JAVA_BYTEVER.R Deletion successful
C:\Program Files\Common Files\InetGet\mc-62-602-0000156.exe TROJ_DLOADER.ZT Deletion successful
C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe TROJ_DLOADER.ZT Deletion successful




Trojan/Worm Check 0 worm/Trojan horse deleted

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed: - 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm Name Trojan/Worm Type Action Taken




Spyware Check 18 spyware programs removed

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 19 spyware(s) on your computer. Only 0 out of 0 spywares are displayed: - 1 spyware(s) passed, 0 spyware(s) no action available
- 18 spyware(s) removed, 0 spyware(s) unremovable
Spyware Name Spyware Type Action Taken
COOKIE_45 Cookie Removal successful
COOKIE_281 Cookie Removal successful
COOKIE_346 Cookie Removal successful
COOKIE_442 Cookie Removal successful
COOKIE_722 Cookie Removal successful
COOKIE_1020 Cookie Removal successful
COOKIE_1198 Cookie Removal successful
COOKIE_1543 Cookie Removal successful
COOKIE_1802 Cookie Removal successful
COOKIE_2136 Cookie Removal successful
COOKIE_2250 Cookie Removal successful
COOKIE_2281 Cookie Removal successful
COOKIE_2346 Cookie Removal successful
COOKIE_2798 Cookie Removal successful
COOKIE_2897 Cookie Removal successful
COOKIE_2921 Cookie Removal successful
COOKIE_3004 Cookie Removal successful
COOKIE_3163 Cookie Removal successful
COOKIE_3235 Cookie Removal successful




Microsoft Vulnerability Check No vulnerability detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 0 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix




Ewido Scan Results Below

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:31:08 AM, 10/27/2005
+ Report-Checksum: A2E9BA80

+ Scan result:

HKU\S-1-5-21-177979178-962658378-1639174387-1007\Software\DNS -> Adware.Shorty : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\eacjt75j.Dylan Cuccaro\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Dylan Cuccaro\Application Data\Mozilla\Firefox\Profiles\tatr5i2r.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Dylan Cuccaro\Cookies\dylan [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Dylan Cuccaro\Cookies\dylan cuccaro@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Dylan Cuccaro\Cookies\dylan cuccaro@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Dylan Cuccaro\Desktop\Dylan's Folder\Starcraft Programs\Hacks\Starcraft Brood War 1.13e Hacks\Inhale\Loader.exe -> Backdoor.Konsl : Cleaned with backup
C:\Documents and Settings\Dylan Cuccaro\Desktop\Dylan's Folder\Starcraft Programs\Hacks\Starcraft Brood War 1.13e Hacks\Inhale.rar/Inhale\Loader.exe -> Backdoor.Konsl : Cleaned with backup
C:\Documents and Settings\Dylan Cuccaro\Local Settings\Temporary Internet Files\Content.IE5\MTG9OLIV\mm[2].js -> Spyware.Chitika : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Kathy Cuccaro\Application Data\Mozilla\Firefox\Profiles\9t8yqnyg.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Kathy Cuccaro\Application Data\Mozilla\Firefox\Profiles\9t8yqnyg.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Kathy Cuccaro\Application Data\Mozilla\Firefox\Profiles\9t8yqnyg.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Kathy Cuccaro\Application Data\Mozilla\Firefox\Profiles\9t8yqnyg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Kathy Cuccaro\Application Data\Mozilla\Firefox\Profiles\9t8yqnyg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Kathy Cuccaro\Application Data\Mozilla\Firefox\Profiles\9t8yqnyg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Kathy Cuccaro\Application Data\Mozilla\Firefox\Profiles\9t8yqnyg.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Kathy Cuccaro\Application Data\Mozilla\Firefox\Profiles\9t8yqnyg.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Kathy Cuccaro\Application Data\Mozilla\Firefox\Profiles\9t8yqnyg.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Kathy Cuccaro\Application Data\Mozilla\Firefox\Profiles\9t8yqnyg.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Kathy Cuccaro\Application Data\Mozilla\Firefox\Profiles\9t8yqnyg.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy cuccaro@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy cuccaro@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy cuccaro@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy cuccaro@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy cuccaro@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy cuccaro@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy cuccaro@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy [email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy cuccaro@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy cuccaro@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy cuccaro@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy [email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy cuccaro@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy cuccaro@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Kathy Cuccaro\Cookies\kathy [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Dylan's Folder\Winzip\Loader.exe -> Backdoor.Konsl : Cleaned with backup
C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\ZangoInstaller.exe -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\SYSTEM32\H@tKeysH@@k.DLL -> Not-A-Virus.Tool.Game.HotHook : Cleaned with backup
C:\xz.bat -> Trojan.KillProc.a : Cleaned with backup


::Report End

There yah go OwNt, by the way, sorry it took me so long to reply. It took a while to scan.

[OwNt]

Hello, Elite[sS].

Could you post back a fresh Hijackthis log as well?

There yah go OwNt, by the way, sorry it took me so long to reply. It took a while to scan.

That was one of the quickest replies I've had yet.

[Elite[sS]]

Hey OwNt,

Lol, it seemed to take forever to scan but heres the HiJackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 4:06:01 PM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dylan Cuccaro\Desktop\Dylan's Folder\Windows XP\XP Fix\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = † Internet Explorer †
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Defender\Defender Pro 2005\kav.exe /minimize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windoxs Update Center] yrt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128200660843
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\Program Files\NetExchange Pro3.0\FlowHook.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Defender\Defender Pro 2005\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

[OwNt]

Hello, Elite[sS].

Please open Hijackthis, scan, and put a checkmark by the following files:

O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O4 - HKCU\..\Run: [Windoxs Update Center] yrt.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Close ALL open windows/browsers and click Fix Checked.

Please reboot into safe mode by tapping F8 after you turn on your computer, but before you see the windows loading screen.

Please show hidden files.

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Go to Start > Search > For Files or Folders, and type in yrt.exe

Please delete all instances found.

Also, please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

After all that please post a fresh Hijackthis log, and the log from Kaspersky.

Edited by OwNt, 27 October 2005 - 10:33 PM.

[Elite[sS]]

Hello PwNt,

Here are the two logfiles. (HiJackThis and Kaspersky). Oh, and was I suppose to close the scan of Kaspersky or not? (I still have it open if its needed).

HiJackThis Logfile

Logfile of HijackThis v1.99.1
Scan saved at 5:40:20 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dylan Cuccaro\Desktop\Dylan's Folder\Windows XP\XP Fix\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = † Internet Explorer †
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Defender\Defender Pro 2005\kav.exe /minimize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128200660843
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\Program Files\NetExchange Pro3.0\FlowHook.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Defender\Defender Pro 2005\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


Kaspersky Logfile

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, October 28, 2005 17:37:45
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 28/10/2005
Kaspersky Anti-Virus database records: 156951
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 108061
Number of viruses found: 10
Number of infected objects: 19
Number of suspicious objects: 0
Duration of the scan process: 5250 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Bob Cuccaro\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\mc-62-602-0000156[1].exe Infected: not-a-virus:AdWare.Win32.Maxifiles.m
C:\Documents and Settings\Dylan Cuccaro\Desktop\Dylan's Folder\Starcraft Programs\Hacks\Starcraft Brood War 1.13e Hacks\Spammer\Spammer.exe Infected: SpamTool.Win32.VB.k
C:\Documents and Settings\Dylan Cuccaro\Desktop\Dylan's Folder\Starcraft Programs\Hacks\Starcraft Brood War 1.13e Hacks\Spammer.rar/Spammer/Spammer.exe Infected: SpamTool.Win32.VB.k
C:\Documents and Settings\Dylan Cuccaro\Desktop\Dylan's Folder\Starcraft Programs\Hacks\Starcraft Brood War 1.13e Hacks\Spammer.rar Infected: SpamTool.Win32.VB.k
C:\Documents and Settings\Kathy Cuccaro\Local Settings\Temp\auf0.exe Infected: Trojan.Win32.Crypt.t
C:\Documents and Settings\Kathy Cuccaro\Local Settings\Temporary Internet Files\Content.IE5\89CV8ZSR\CP.GH2[1].exe Infected: Trojan.Win32.Crypt.t
C:\Documents and Settings\Kathy Cuccaro\Local Settings\Temporary Internet Files\Content.IE5\89CV8ZSR\mc-62-602-0000156[1].exe Infected: not-a-virus:AdWare.Win32.Maxifiles.m
C:\Documents and Settings\Kathy Cuccaro\Local Settings\Temporary Internet Files\Content.IE5\GP2FG5A3\1[1] Infected: Trojan.Win32.Crypt.t
C:\Documents and Settings\Kathy Cuccaro\Local Settings\Temporary Internet Files\Content.IE5\GP2FG5A3\stubSafull[1].exe Infected: not-a-virus:AdWare.Win32.WinAD.bl
C:\Dylan's Folder\Starcraft Programs\Spammer-eng.exe Infected: SpamTool.Win32.VB.k
C:\Program Files\Common Files\Download\mc-62-602-0000156.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.l
C:\Program Files\Common Files\InetGet\freeprodtb.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.o
C:\Program Files\InetGet2\CP.GH2.exe Infected: Trojan.Win32.Crypt.t
C:\Program Files\Your Uninstaller 2004\HbUninst.exe Infected: not-a-virus:AdWare.Win32.HotBar.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001096.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001097.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001101.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001102.exe Infected: not-a-virus:AdWare.Win32.180Solutions.i
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001104.bat Infected: Trojan.BAT.KillProc.a

Scan process completed.

[OwNt]

Hello, Elite[sS].

If you did not use Spybot or a similiar program to set restrictions, please fix the entry I have listed below.

Please open Hijackthis, scan, a put a checkmark by the following file:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Please close ALL open Windows/Browsers and click Fix Checked.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\Bob Cuccaro\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\mc-62-602-0000156[1].exe
C:\Documents and Settings\Dylan Cuccaro\Desktop\Dylan's Folder\Starcraft Programs\Hacks\Starcraft Brood War 1.13e Hacks\Spammer\Spammer.exe
C:\Documents and Settings\Dylan Cuccaro\Desktop\Dylan's Folder\Starcraft Programs\Hacks\Starcraft Brood War 1.13e Hacks\Spammer.rar
C:\Documents and Settings\Kathy Cuccaro\Local Settings\Temp\auf0.exe
C:\Documents and Settings\Kathy Cuccaro\Local Settings\Temporary Internet Files\Content.IE5\89CV8ZSR\CP.GH2[1].exe
C:\Documents and Settings\Kathy Cuccaro\Local Settings\Temporary Internet Files\Content.IE5\89CV8ZSR\mc-62-602-0000156[1].exe
C:\Documents and Settings\Kathy Cuccaro\Local Settings\Temporary Internet Files\Content.IE5\GP2FG5A3\1[1]
C:\Documents and Settings\Kathy Cuccaro\Local Settings\Temporary Internet Files\Content.IE5\GP2FG5A3\stubSafull[1].exe
C:\Dylan's Folder\Starcraft Programs\Spammer-eng.exe
C:\Program Files\Common Files\Download\mc-62-602-0000156.exe
C:\Program Files\Common Files\InetGet\freeprodtb.exe
C:\Program Files\InetGet2\CP.GH2.exe
C:\Program Files\Your Uninstaller 2004\HbUninst.exe
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001096.exe
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001097.exe
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001101.exe
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001102.exe
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001104.bat

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Let the system reboot.

Please post back a fresh Hijackthis log. Also, is your system still feeling like Windows 98?

[Elite[sS]]

Will I ever get Windows XP back? God...yah its still Windows 98, but heres the HiJackThis Logfile. I hope I didn't miss one of your instructions.

Logfile of HijackThis v1.99.1
Scan saved at 9:14:26 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dylan Cuccaro\Desktop\Dylan's Folder\Windows XP\XP Fix\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = † Internet Explorer †
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Defender\Defender Pro 2005\kav.exe /minimize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128200660843
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\Program Files\NetExchange Pro3.0\FlowHook.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Defender\Defender Pro 2005\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

[OwNt]

Hello, Elite[sS].

On your desktop, right click in an area not occupied by an icon, select properties.

Go to the tab called Appearance, under Windows and buttons: what is selected?

If it says Windows Classic style, can you change it to Windows XP Style?

[Elite[sS]]

Heh, I tried that a long time ago...but the thing is, the only thing there is "Classic XP Style"

[OwNt]

Hello, Elite[sS].

Go Here and scroll down the page to #187. On the right side you will see Restore Luna theme-Restore Classic theme. Right-click on the file and save it to your desktop.

Depending how your machine is set up, you will either see a Winzip file called Resources, or a WinXP Zip folder called Resources.

Whichever it is, open the downloaded file and find the file named Luna.msstyles... the file size will be 4,089 kbytes.

Move this file to C:\Windows\Rescources\Themes\Luna. You may already have the same Luna file listed in this folder, but you must replace it with the new one.

Restart your machine and go to Display Properties and you should be able to choose the XP theme again.

[Elite[sS]]

Hi OwNt,

Its still Windows Classic (98). Still nothing that is plugged into my computer works... , although it did about a week ago. Is there any chance I'll get Windows XP back and fix this problem?

Edited by Elite[sS], 29 October 2005 - 06:52 AM.