Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

My Turn


  • This topic is locked This topic is locked
31 replies to this topic

#1 Korom

Korom

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 21 January 2006 - 03:49 PM

Getting popups for RegScan.net and patchupdate.org (or something like that) every 5-10 minutes. Also, there is one popup which is up at system boot. I close it once and it is gone until next reboot. SpyBot, BitDefender, and Ad-Aware cannot get it.

Logfile of HijackThis v1.99.1
Scan saved at 4:28:40 PM, on 1/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Documents and Settings\Dean\My Documents\My Music\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Fnwzho.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dean\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\performent011.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Dean\My Documents\My Music\Winamp\winampa.exe
O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe
O4 - HKLM\..\Run: [Asuwqt] C:\Program Files\Gwiy\Uzct.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [yfgbqlyf] C:\WINDOWS\yfgbqlyf.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Xqyakp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\System32\stb.exe
O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Fnwzho.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [Eaf] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\System32\idemlog.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm608YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupd...ll/aun_0036.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong...ork/install.exe
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} (Installer Class) - http://downloads.sho...all_gsm1009.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4p.../LaunchGame.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C087414-E9A9-4909-B6D4-02C201C16800}: NameServer = 85.255.114.61,85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C087414-E9A9-4909-B6D4-02C201C16800}: NameServer = 85.255.114.61,85.255.112.87
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C087414-E9A9-4909-B6D4-02C201C16800}: NameServer = 85.255.114.61,85.255.112.87
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: C0BEFIHB - {5A402B59-000F-4E9A-4EE4-547012000A67} - C:\WINDOWS\System32\Pckfnh32.dll (file missing)
O21 - SSODL: mtkle - {40E6BF92-7694-4539-95A8-0BC4AF8FC2BA} - C:\WINDOWS\System32\oogjqm32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGVhbg\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 21 January 2006 - 04:03 PM

Hello Korom, Welcome to the forum.

This is what I suggest you do.


Please do not delete anything unless instructed to.


Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06 . All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" (RED) entries "BLACK" entries and "GREEN" (GREEN) entries in the window
Put a check mark beside the RED (RED) entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Next:

Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 Korom

Korom

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 22 January 2006 - 07:59 AM

Done, Done, & Done. I did everything you suggested (including the 8 hour SpyBot Scan. :blink: ) and it worked! So far no popups in sight!

Thanks so much! Here is my Hijack log +Ewido log incase there is something else you see wrong.

[quote]Logfile of HijackThis v1.99.1
Scan saved at 8:57:13 AM, on 1/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Documents and Settings\Dean\My Documents\My Music\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Ewido\ewidoctrl.exe
C:\Program Files\Ewido\ewidoguard.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dean\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Dean\My Documents\My Music\Winamp\winampa.exe
O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe
O4 - HKLM\..\Run: [Asuwqt] C:\Program Files\Gwiy\Uzct.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [yfgbqlyf] C:\WINDOWS\yfgbqlyf.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [Eaf] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm608YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupd...ll/aun_0036.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong...ork/install.exe
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} (Installer Class) - http://downloads.sho...all_gsm1009.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4p.../LaunchGame.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C087414-E9A9-4909-B6D4-02C201C16800}: NameServer = 85.255.114.61,85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C087414-E9A9-4909-B6D4-02C201C16800}: NameServer = 85.255.114.61,85.255.112.87
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C087414-E9A9-4909-B6D4-02C201C16800}: NameServer = 85.255.114.61,85.255.112.87
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: C0BEFIHB - {5A402B59-000F-4E9A-4EE4-547012000A67} - C:\WINDOWS\System32\Pckfnh32.dll (file missing)
O21 - SSODL: mtkle - {40E6BF92-7694-4539-95A8-0BC4AF8FC2BA} - C:\WINDOWS\System32\oogjqm32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\Ewido\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)[/quote]

[quote]---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:41:04 AM, 1/22/2006
+ Report-Checksum: C354B53F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8940E505-72C6-44DE-BE85-1D746780EFBF} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6E0ED53C-9908-49ED-B055-7CB31B162577} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{830D3AED-2FA9-454F-B266-D931862BBF34} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C53BD8E-B12D-4C8F-AD0E-C9DDC39D1273} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9BCDD51B-4A7B-446C-8452-D32D38004582} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A986F4DB-792E-4571-8974-0BB6E024766F} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BCCAB53D-0895-40C3-A942-A03538CE227A} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C0F88E9E-DCEB-4655-968A-AE508A677C39} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D7EAC2D8-2D52-4010-A4AD-DFDF60C1706C} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\SWRT01.RT -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\SWRT01.RT\Clsid -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5E594162-60A9-487D-84B8-DBDD716CB862} -> Spyware.VirtualBouncer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\PSGuard.com -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License -> Spyware.PSGuard : Cleaned with backup
HKLM\SOFTWARE\skin -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-1190143952-2275338482-3596922163-1005\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-1190143952-2275338482-3596922163-1005\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1190143952-2275338482-3596922163-1005\Software\WinUpdt -> Spyware.SecondThought : Cleaned with backup
[180] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning
[204] VM_00C10000 -> Downloader.Agent.uj : Error during cleaning
[744] VM_007B0000 -> Downloader.Agent.uj : Error during cleaning
:mozilla.11:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.394:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.513:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.594:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.612:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.617:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.628:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.629:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.630:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.631:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.632:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.633:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.634:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.635:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.636:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.664:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.666:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.675:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.676:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.677:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.678:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.679:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.680:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.681:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.682:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.683:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.684:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.685:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.686:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.687:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.688:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.689:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.690:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.691:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.692:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.693:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.694:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.695:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.696:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.697:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.698:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.699:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.700:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.717:C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\g2thbpll.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.71

#4 Korom

Korom

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 22 January 2006 - 08:15 AM

Nermind.... false alarm. The RegScan.net popup is still coming up. Instead of 5 minutes, its about 8 minutes now. Help?!

#5 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 January 2006 - 08:23 AM

Download: ResetProtocolDefaults.reg
http://www.mvps.org/...colDefaults.reg

Locate "ResetProtocolDefaults.reg"
Right-click and select: Merge (Ok the prompt)


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing

O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)

O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe
O4 - HKLM\..\Run: [Asuwqt] C:\Program Files\Gwiy\Uzct.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [yfgbqlyf] C:\WINDOWS\yfgbqlyf.exe
O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
O4 - HKCU\..\Run: [Eaf] C:\WINDOWS\System32\?hkntfs.exe
O4 - Startup: PowerReg Scheduler.exe

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupd...ll/aun_0036.exe

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong...ork/install.exe

O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab

O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} (Installer Class) - http://downloads.sho...all_gsm1009.cab

O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe

O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4p.../LaunchGame.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0C087414-E9A9-4909-B6D4-02C201C16800}: NameServer = 85.255.114.61,85.255.112.87

O17 - HKLM\System\CS1\Services\Tcpip\..\{0C087414-E9A9-4909-B6D4-02C201C16800}: NameServer = 85.255.114.61,85.255.112.87

O17 - HKLM\System\CS2\Services\Tcpip\..\{0C087414-E9A9-4909-B6D4-02C201C16800}: NameServer = 85.255.114.61,85.255.112.87

O21 - SSODL: C0BEFIHB - {5A402B59-000F-4E9A-4EE4-547012000A67} - C:\WINDOWS\System32\Pckfnh32.dll (file missing)

O21 - SSODL: mtkle - {40E6BF92-7694-4539-95A8-0BC4AF8FC2BA} - C:\WINDOWS\System32\oogjqm32.dll (file missing)


Close ALL windows and browsers except HijackThis and click "Fix checked"


delete these folders if listed:
C:\Program Files\Accoona
C:\Program Files\Gwiy


Delete these Files if listed:
AUNPS2.DLL
C:\WINDOWS\QuickBrowser.exe
C:\WINDOWS\yfgbqlyf.exe
C:\WINDOWS\system32\svcnvt.exe
C:\WINDOWS\System32\Pckfnh32.dll
C:\WINDOWS\System32\oogjqm32.dll



Open C:\Windows\Prefetch\ Delete ALL files in this folder.




1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files (If listed)
7. Click OK and windows will comply.

Restart your computer.

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#6 Korom

Korom

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 22 January 2006 - 10:20 AM

Alright...

1) I 'merged' ResetProtocolDefaults.reg into the registry.

2) I did the Hijack scan like you suggested, and fixed all the items you listed above except:

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone


They were not listed in the scan, thus I could not fix them.

3) With the exception of QuickBrower.exe and the Accoona folder, none of the files/folders you instructed to delete were on my computer. I did a system search, as well as a manual check.

4) I deleted all files within C:\Windows\Prefetch\

5) I did a Disk Cleanup as instructed, leaving the 'compressed old files' option blank.

Here is the new Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 11:10:05 AM, on 1/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Documents and Settings\Dean\My Documents\My Music\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ewido\ewidoctrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Ewido\ewidoguard.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dean\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Dean\My Documents\My Music\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm608YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\Ewido\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

==============================


You also wanted to know how my computer is acting.

Sometimes its 30 seconds apart, sometimes about 8 minutes apart, but I keep getting a popup for:

- www.RegScan.net
- www.RegistryFixGold.com
- www.RegistryCleanerGold.com
- www.uric.net
- www.fixer32.com
- www.regwin32.com
- www.patchupdate.info
- msregistrycleaner.com
- etc., etc.,

Regardless of the link, I am assuming its the same program, if you will, that is causing it. All of them look the same, pops in the middle of the screen, and have "Messenger Service" as the title.

In a perhaps not-so-related issue, when I start my internet browser, and when going to certain sites, I get a message (and this only started happening after I updated SpyBot/Ad-Aware and ran a full scan):

Illegal Operation in Plug-In


Shockwave Flash

The plug-in performed an illegal operation. You are strongly advised to restart Firefox.



Those are the only things that I have noticed..... yet.

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 January 2006 - 10:36 AM

You need to update your Java.
http://www.java.com/...load/manual.jsp

I suggest you do this:

use Add/Remove Programs and see if listed and remove:
Accoona Search Assistant


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)

O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm608YYUS

O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab


Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
C:\Program Files\Accoona\ASearchAssist.dll


Empty Recycle Bin

Restart your computer.

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#8 Korom

Korom

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 22 January 2006 - 11:03 AM


Quoted from above, due to my computer having the same problems.

==============================


You also wanted to know how my computer is acting.

Sometimes its 30 seconds apart, sometimes about 8 minutes apart, but I keep getting a popup for:

- www.RegScan.net
- www.RegistryFixGold.com
- www.RegistryCleanerGold.com
- www.uric.net
- www.fixer32.com
- www.regwin32.com
- www.patchupdate.info
- msregistrycleaner.com
- etc., etc.,

Regardless of the link, I am assuming its the same program, if you will, that is causing it. All of them look the same, pops in the middle of the screen, and have "Messenger Service" as the title.

In a perhaps not-so-related issue, when I start my internet browser, and when going to certain sites, I get a message (and this only started happening after I updated SpyBot/Ad-Aware and ran a full scan):

Illegal Operation in Plug-In


Shockwave Flash

The plug-in performed an illegal operation. You are strongly advised to restart Firefox.



Those are the only things that I have noticed..... yet.



I did your latest suggestions, didn't seem to work any. Here is my new Hijack Log.

Logfile of HijackThis v1.99.1
Scan saved at 12:00:28 PM, on 1/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Dean\My Documents\My Music\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Ewido\ewidoctrl.exe
C:\Program Files\Ewido\ewidoguard.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dean\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Dean\My Documents\My Music\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\Ewido\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 January 2006 - 11:09 AM

Your log looks good. Are you still having problems?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#10 Korom

Korom

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 22 January 2006 - 11:13 AM

I had one popup, but haven't seen one since. And I'm still getting the Illegal Operation in Plugin message.

    Advertisements

Register to Remove


#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 January 2006 - 11:15 AM

Illegal Operation in Plugin message.

Can you tell me exactly what the error says?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#12 Korom

Korom

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 22 January 2006 - 11:17 AM

When I start my internet browser, and when going to certain sites, I get a message (and this only started happening after I updated SpyBot/Ad-Aware and ran a full scan):

Illegal Operation in Plug-In


Shockwave Flash

The plug-in performed an illegal operation. You are strongly advised to restart Firefox.


I tried reinstalling Flash, Shockwave, and Java. I also did a check on DirectX which came back successful.

NOTE: Still getting the popups I mentioned before.. though it seems to be alot further apart. I had 2 in the last 20 minutes, rather then then 2-4 within 10 minutes like I had before.

Edited by Korom, 22 January 2006 - 11:18 AM.


#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 January 2006 - 11:25 AM

Lets see if this will stop the pop-ups.

Click the link below and get Google Toolbar.
Google toolbar has a very good built in popup blocker with a nice search bar. To provide privacy, select disable advanced features when installing.
http://toolbar.google.com/

I don't know about the Firefox error. Check their website and see if there's any help on that.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#14 Korom

Korom

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 22 January 2006 - 11:54 AM

First of all, thank you for patience and dedication in seeing me through this. Just want you to know I am seeing progress. Some of the popups have been removed and error message I kept getting at reboot has been fixed. With that said. I am still getting the "RegScan.net" popup and all its affiliated websites. It pops up whether I'm connected to the internet or not, so I don't think the google toolbar would work. But whether it was going to work or not, I was going to try it.. but when I try to download it Firefox blocked it. I went into Edit Options and added the url (toolbar.google.com) to the allowed websites. Still wasn't working. I uncheck blocked webistes all together, otherwise I told Firefox to allow anything... still blocks it. I'm thinking about going back to IE. :rofl: -- I agree, I think the Shockwave Flash is a Mozilla issue so I won't worry about it on these forums.

#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 January 2006 - 11:56 AM

Go here and run this scan. Let me know what it finds.
Microsoft - Malicious Software Removal Tool
http://www.microsoft...ve/default.mspx


Download this one and let me know if it finds anything.
RootkitRevealer
http://www.sysintern...itRevealer.html

When it's done, go to file->save
save the logfile to the desktop, and then past the contents here.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users