
Help! My browser is hijacked to www.syssecuritysite.net

Discussion in 'Virus & Other Malware Removal' started by robertsbor, Jul 25, 2006.

  1. robertsbor (Thread Starter; joined Jul 25, 2006; 9 messages)

    Hi. When I start up my browser (IE6), it goes to www.syssecuritysite.net. How can I get it back? I downloaded and ran HijackThis, and here is my log. Many thanks for any help you can give.

    Logfile of HijackThis v1.99.1
    Scan saved at 4:36:59 AM, on 7/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
    C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IntCodec\isamonitor.exe
    C:\Program Files\IntCodec\pmsngr.exe
    C:\Program Files\IntCodec\isamini.exe
    C:\Program Files\IntCodec\pmmon.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\SYSTEM32\CMD.EXE
    C:\WINDOWS\System32\findstr.exe
    C:\Documents and Settings\Robbie\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\IntCodec\isaddon.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\IntCodec\iesplugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.7.0\SbOEAddOn.exe
    O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MTV Networks Video Optimizer.lnk = C:\Program Files\MTV Networks\VOpt\MTVOptTray.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm020YYUS
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://irmisportal.hqda.army.mil/irmis/ClientSideComponents/activexviewer.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Expertcity\GoToMyPC\G2WinLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Flexlm (lmgrd) - Unknown owner - C:\Program Files\Cadopia\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing)
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  2. Cookiegal (Administrator, Malware Specialist Coordinator; joined Aug 27, 2003; 112,043 messages)

    Hi and welcome to TSG,

    Please download SmitfraudFix (by S!Ri)

    Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop. This is imperative for the tool to function properly. If using a utility such as WinZip you will have to direct it there, as it will not unzip to the desktop by default. The destination location should look like this (C: being your primary drive): C:\Documents and Settings\User\Desktop\SmitfraudFix

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  3. robertsbor (Thread Starter; joined Jul 25, 2006; 9 messages)

    Thanks for your quick reply CookieGal. I was up most of the night looking into this, and discovered I had a folder IntCodec which contained, among other things, isaddon.dll, which was in use and is apparently associated with this problem. I went into RegEdit and discovered it was being referenced by hklm\software\microsoft\windows\currentversion\explorer\browser helper objects.
    After I rebooted and moved the contents of IntCodec into another directory, it seemed to solve the problem. I should probably continue with the cleaning process to make sure. Here is the result of running smitfraudfix.cmd. Thanks very much for your help!

    SmitFraudFix v2.75b

    Scan done at 23:11:30.89, Tue 07/25/2006
    Run from C:\Documents and Settings\Robbie\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Robbie\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Robbie\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  4. Cookiegal (Administrator, Malware Specialist Coordinator; joined Aug 27, 2003; 112,043 messages)

    C:\Program Files\IntCodec needs to be removed. This is Smitfraud but unfortunately, the fix hasn't been updated to include it yet.

    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires it becomes freeware with reduced functions but still worth keeping.



    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-spyware. Do NOT run a scan yet. We will do that later in safe mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient; this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.
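
An added example, not part of any post in this thread and not code from HijackThis or SmitfraudFix: a small parser that lists every HijackThis entry referencing one folder, so the whole footprint of C:\Program Files\IntCodec (running processes, the BHO found in RegEdit, and the toolbar) is visible at once, along with registry entries left orphaned after the files are moved. The function names are hypothetical, and the two embedded logs are short excerpts of the logs posted in this thread.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str    # "PROC" for a running process, else the HijackThis code (O2, O3, ...)
    text: str       # the entry as logged
    clsid: str      # CLSID in braces, or "" when the entry has none
    orphaned: bool  # HijackThis marked the target "(file missing)" or "(no file)"


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the first log in the thread (before cleanup).
FIRST_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\IntCodec\isamonitor.exe
C:\Program Files\IntCodec\pmsngr.exe
C:\Program Files\IntCodec\isamini.exe
C:\Program Files\IntCodec\pmmon.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\IntCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\IntCodec\iesplugin.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
"""

# Excerpt of the second log in the thread (after the folder contents were moved).
SECOND_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
"""


def parse_hijackthis(log):
    """Turn a HijackThis text log into Entry records (header lines are skipped)."""
    entries, in_procs = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:            # a blank line ends the process list
            in_procs = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            clsid = CLSID_RE.search(line)
            orphaned = "(file missing)" in line or "(no file)" in line
            entries.append(Entry(m.group(1), m.group(2),
                                 clsid.group(0) if clsid else "", orphaned))
        elif in_procs:
            entries.append(Entry("PROC", line, "", False))
    return entries


def footprint(log, folder):
    """Group every entry that references `folder` by log section.

    Matching is a case-insensitive substring test on the long path, so an
    entry logged with an 8.3 short name (PROGRA~1\\...) would not match.
    """
    needle = folder.lower().rstrip("\\") + "\\"
    hits = {}
    for e in parse_hijackthis(log):
        if needle in e.text.lower():
            hits.setdefault(e.section, []).append(e)
    return hits


if __name__ == "__main__":
    folder = r"C:\Program Files\IntCodec"
    for label, log in (("before", FIRST_LOG), ("after", SECOND_LOG)):
        print(label)
        for section, found in footprint(log, folder).items():
            for e in found:
                flag = "  [orphaned registry entry]" if e.orphaned else ""
                print(f"  {section}: {e.text}{flag}")
```

On the second excerpt only the O3 toolbar entry remains, flagged as orphaned: the files are gone but the registry value that pointed at them is still there.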
     
  5. robertsbor (Thread Starter; joined Jul 25, 2006; 9 messages)

    Thanks for your help so far CookieGirl. I've done what you requested. Here are the new logs. I'm attaching them in separate posts because the system won't let me enter more than 300000 characters.

    Here is the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:01:06 AM, on 7/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\MTV Networks\VOpt\MTVOptTray.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\MTV Networks\VOpt\MTVOptQueue.exe
    C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Documents and Settings\Robbie\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.7.0\SbOEAddOn.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MTV Networks Video Optimizer.lnk = C:\Program Files\MTV Networks\VOpt\MTVOptTray.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm020YYUS
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://irmisportal.hqda.army.mil/irmis/ClientSideComponents/activexviewer.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Expertcity\GoToMyPC\G2WinLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Flexlm (lmgrd) - Unknown owner - C:\Program Files\Cadopia\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing)
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  6. robertsbor

    robertsbor Thread Starter

    Here's the new Ewido log:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 9:07:08 AM 7/25/2006

    + Scan result:



    HKLM\SOFTWARE\Classes\CLSID\{5753791b-f607-48ca-814e-91c14d081f9e} -> Adware.Generic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5753791b-f607-48ca-814e-91c14d081f9e} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1745697433-3222028259-1033960427-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5753791B-F607-48CA-814E-91C14D081F9E} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\in10b6s.dll -> Dropper.Small.abe : Cleaned with backup (quarantined).


    ::Report end
     
  7. robertsbor

    robertsbor Thread Starter

    Here's the ActiveScan log. Thanks again for your help! Unfortunately it's too long to post; I have to break it up. Here's the first part.


    Incident Status Location

    Adware:adware/wupd Not disinfected c:\windows\system32\ide21201.vxd
    Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    Adware:adware/gator Not disinfected c:\windows\GatorHDPlugin.log
    Adware:adware/ist.istbar Not disinfected c:\program files\common files\Totem Shared
    Adware:adware/sahagent Not disinfected c:\windows\system32\SahImages
    Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
    Adware:adware/cws Not disinfected C:\Documents and Settings\Robbie\Favorites\health
    Adware:adware/prositefinder Not disinfected Windows Registry
    Adware:adware/powerstrip Not disinfected Windows Registry
    Adware:adware/topmoxie Not disinfected Windows Registry
    Adware:adware/dyfuca Not disinfected Windows Registry
    Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\frogface\Local Settings\Temporary Internet Files\Content.IE5\KPABW9QF\syssecuritysite[1].htm
     
  8. robertsbor

    robertsbor Thread Starter

    Here's the second part of the ActiveScan log. Thanks again.

    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Robbie\Desktop\Robbie's Files\smitRem\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Robbie\Desktop\SmitfraudFix\Process.exe
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Cookiegal is off on holiday for a few days. I'll try and help you while she is gone.

    Go to control panel, add/remove programs and remove SpamBlockerUtility


    Run HJT again and put a check in the following:

    R3 - Default URLSearchHook is missing
    O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.7.0\SbOEAddOn.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm020YYUS
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegar...GameLoader.dll
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)

    Close all applications and browser windows before you click "fix checked".


    Go to www.java.com & download the latest version of Java 1.5.0.7
    Install it & then go to add/remove programs and UNINSTALL ALL previous versions of Sun Java.



    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):



    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log
     
  10. robertsbor

    robertsbor Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    9
    Many thanks, Cybertech. Here are the two new logs. Let me know how it looks.

    Avenger log:
    --------------

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\vxdxlweb

    *******************

    Script file located at: \??\C:\ydwifpeg.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File c:\windows\system32\ide21201.vxd deleted successfully.


    File c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf not found!
    Deletion of file c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf failed!

    Could not process line:
    c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    Status: 0xc0000034

    File c:\windows\GatorHDPlugin.log deleted successfully.
    Folder C:\Program Files\IntCodec deleted successfully.
    Folder c:\program files\MyWebSearch deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.







    HijackThis log:
    -----------------

    Logfile of HijackThis v1.99.1
    Scan saved at 11:58:29 PM, on 7/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DSentry.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE
    C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
    C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\MTV Networks\VOpt\MTVOptTray.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MTV Networks\VOpt\MTVOptQueue.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Robbie\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MTV Networks Video Optimizer.lnk = C:\Program Files\MTV Networks\VOpt\MTVOptTray.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://irmisportal.hqda.army.mil/irmis/ClientSideComponents/activexviewer.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Expertcity\GoToMyPC\G2WinLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Flexlm (lmgrd) - Unknown owner - C:\Program Files\Cadopia\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing)
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
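
The check these two logs support, as an added example (not part of the original thread, and not output of HijackThis or The Avenger): confirm that none of the entries selected for "fix checked" survive in the follow-up HijackThis log, list the entries that still point at missing files, and decode the Avenger failure status. The function names are hypothetical, the log excerpts are copied from the posts above, and the status names are Microsoft's documented NTSTATUS values.

```python
import re

HJT_ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Small subset of Microsoft's documented NTSTATUS codes.
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
            0xC0000022: "STATUS_ACCESS_DENIED"}

# Part of the fix list as posted; forum-shortened URLs keep their "...".
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.7.0\SbOEAddOn.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm020YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
"""
# Excerpt of the follow-up HijackThis log from the same thread.
POST_FIX = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Flexlm (lmgrd) - Unknown owner - C:\Program Files\Cadopia\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing)
"""
# Excerpt of the Avenger log from the same thread.
AVENGER_LOG = r"""
File c:\windows\system32\ide21201.vxd deleted successfully.
File c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf not found!
Deletion of file c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf failed!
Could not process line:
c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Status: 0xc0000034
File c:\windows\GatorHDPlugin.log deleted successfully.
Folder C:\Program Files\IntCodec deleted successfully.
Folder c:\program files\MyWebSearch deleted successfully.
"""


def parse_hjt(text):
    """Return (section, body) for every HijackThis entry line in text."""
    return [m.groups() for m in map(HJT_ENTRY.match, text.splitlines()) if m]


def same_entry(fix, seen):
    """True if a fix-list entry and a log entry describe the same item."""
    if fix[0] != seen[0]:
        return False
    want = CLSID.search(fix[1])
    if want:  # toolbar/DPF/SSODL entries: the CLSID is the identity
        got = CLSID.search(seen[1])
        return bool(got) and got.group(0).lower() == want.group(0).lower()
    # No CLSID: compare only the text before any forum-inserted "...".
    prefix = fix[1].split("...")[0].lower()
    return bool(prefix) and seen[1].lower().startswith(prefix)


def still_present(fix_text, log_text):
    """Fix-list entries that still appear in the later log."""
    log = parse_hjt(log_text)
    return [f for f in parse_hjt(fix_text) if any(same_entry(f, e) for e in log)]


def orphaned(log_text):
    """Entries whose target HijackThis reports as missing."""
    return [e for e in parse_hjt(log_text) if any(mk in e[1] for mk in ORPHAN_MARKERS)]


def avenger_summary(text):
    """Return (deleted paths, [(path, status name)]) from an Avenger log."""
    deleted, failed = [], []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        ok = re.match(r"(?:File|Folder) (.+) deleted successfully\.$", line)
        if ok:
            deleted.append(ok.group(1))
        elif line == "Could not process line:" and i + 2 < len(lines):
            st = re.match(r"Status: (0x[0-9A-Fa-f]+)$", lines[i + 2])
            name = NTSTATUS.get(int(st.group(1), 16), st.group(1)) if st else "unknown"
            failed.append((lines[i + 1], name))
    return deleted, failed


if __name__ == "__main__":
    print("still present:", still_present(FIX_LIST, POST_FIX))
    print("orphaned:", orphaned(POST_FIX))
    print("avenger:", avenger_summary(AVENGER_LOG))
```

STATUS_OBJECT_NAME_NOT_FOUND on the .inf line means the file was already absent when the script ran, which agrees with the log's own "not found!" message.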
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,043
    Thanks cybertech! (y)


    The smitfraudfix has been updated to include this variant now so please remove the version you had downloaded previously and do this again.

    Please download SmitfraudFix (by S!Ri)

    Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop. This is imperative for the tool to function properly. If using a utility such as WinZip you will have to direct it there as it will not unzip to the desktop by default. The destination location should look like this (C: being your primary drive): C:\Documents and Settings\User\Desktop\SmitfraudFix

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  12. robertsbor

    robertsbor Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    9
    Welcome back CookieGal. Here is the SmitFraudFix log you asked for. Thanks to you and all the other great "techguys"!


    SmitFraudFix v2.76

    Scan done at 16:57:37.09, Sun 07/30/2006
    Run from C:\Documents and Settings\Robbie\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Robbie\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Robbie\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You're welcome!

    You're welcome, happy I could fill a small gap of time for you!
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,043
    Click Here and download Killbox and save it to your desktop but don’t run it yet.

    Then boot to safe mode:


    How to restart to safe mode


    Double-click on Killbox.exe to run it.
    • Put a tick by Standard File Kill.
    • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

      c:\windows\system32\SahImages

      c:\program files\common files\Totem Shared


    • Click on the button that has the red circle with the X in the middle after you enter each file.
    • It will ask for confirmation to delete the file.
    • Click Yes.
    • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    • Killbox may tell you that one or more files do not exist.
    • If that happens, just continue on with all the files. Be sure you don't miss any.
    • Next in Killbox go to Tools > Delete Temp Files
    • In the window that pops up, put a check by ALL the options there except these three:
      • XP Prefetch
      • Recent
      • History
    • Now click the Delete Selected Temp Files button.
    • Exit the Killbox.


    While still in safe mode, go to Start - Run and copy and paste then click OK:

    shell:cache\content.ie5

    This should open your content.ie5 folder. Select everything in there and click delete. You will not be able to delete the index.bat file and that’s normal.


    How are things running now?
     
  15. robertsbor

    robertsbor Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    9
    Everything seems to be working ok now. Thanks Cookiegal and friends. You guys rock.
     
Short URL to this thread: https://techguy.org/486175
