WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
hijackthis log
Started by
jbruskii
, Jan 20 2006 04:40 PM
-
This topic is locked
17 replies to this topic
#1
jbruskii
-
- New Member
-
- 9 posts
New Member
Posted 20 January 2006 - 04:40 PM
Register to Remove
#2
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 21 January 2006 - 04:09 PM
Hello jbruskii, Welcome to the forum.
This is what I suggest you do.
Please do not delete anything unless instructed to.
Even if you've already run these, make SURE they're up-to-date and run per instructions.
Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06 . All are free and available below.
Download Spybot, install and update. Then download Ad-aware, install, and update.
Spybot:
Install the program and launch it.
Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D
Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" (RED) entries "BLACK" entries and "GREEN" (GREEN) entries in the window
Put a check mark beside the RED (RED) entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.
Ad-Aware FULL SCAN:
Install the program and launch it.
1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.
Next:
Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
This is what I suggest you do.
Please do not delete anything unless instructed to.
Even if you've already run these, make SURE they're up-to-date and run per instructions.
Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06 . All are free and available below.
Download Spybot, install and update. Then download Ad-aware, install, and update.
Spybot:
Install the program and launch it.
Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D
Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" (RED) entries "BLACK" entries and "GREEN" (GREEN) entries in the window
Put a check mark beside the RED (RED) entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.
Ad-Aware FULL SCAN:
Install the program and launch it.
1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.
Next:
Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to 
for the help you received.
Proud graduate of TC/WTT Classroom
#3
jbruskii
-
- New Member
-
- 9 posts
New Member
Posted 21 January 2006 - 07:49 PM
Thanks for the response and advice. I followed all the directions above. Ad-aware picked up 82 objects but couldn't delete a process running from c:\windows\system32\04ug0i7k.dll. I ran Ewido in safe mode and it found 287 objects. I wasn't sure if I should run clean with backup, but that's what I did. I booted back in windows and ran hijack this. I will post both the Ewido logs and Hijackthis logs below.
**********
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:37:14 PM, 1/21/2006
+ Report-Checksum: 2C712618
+ Scan result:
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-602162358-926492609-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.413:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.557:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.558:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.559:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.560:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.561:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.570:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.571:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.575:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.585:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.607:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.635:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.636:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.637:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.638:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.639:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.640:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.641:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.642:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.643:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.644:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.645:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.646:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.647:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.648:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.649:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.650:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.651:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.652:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.653:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.654:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.655:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.656:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.657:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.658:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.659:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.688:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.693:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.748:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.749:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.750:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.768:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.769:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.770:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.771:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.772:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.773:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.774:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.775:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.804:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.808:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.809:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.836:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.857:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.864:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.918:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.919:C:\Documents and Settings\Jeb\Application Data\Mozilla\Firefox\Profiles\khxtzzou.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Jeb\Cookies\jeb@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jeb\Cookies\jeb@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Jeb\Cookies\jeb@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jeb\Local Settings\Temp\nein.exe -> Downloader.Small.bgl : Cleaned with backup
C:\Documents and Settings\Jeb\Local Settings\Temp\temp.frC209 -> Adware.Sud : Cleaned with backup
C:\Documents and Settings\Jeb\Local Settings\Temporary Internet Files\Content.IE5\IV6TKT6V\xpl[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup
C:\Documents and Settings\Jeb\Local Settings\Temporary Internet Files\Content.IE5\MP0VCT25\new[2].htm -> Downloader.Agent.i : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89QJWTYJ\drsmartload197a[1].exe -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89QJWTYJ\elt888[1].exe -> Logger.Agent.hi : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89QJWTYJ\mm63[1].ocx -> Spyware.MediaMotor : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89QJWTYJ\mtrslib2[1].js -> Downloader.Small.ag : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8PAB45EJ\!update-3195[1].0000 -> Downloader.PurityScan.be : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8PAB45EJ\drsmartload[1].exe -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8PAB45EJ\elitemediapop[1].exe -> Trojan.LowZones.am : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K1AJ49UR\installer_251[1].exe -> Downloader.Qoologic.al : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KDMNSDMR\876057[1].exe -> Adware.Mirar : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KDMNSDMR\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\drsmartload1.exe -> Downloader.Adload.j : Cleaned with backup
C:\dsl197.exe -> Downloader.Adload.j : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\elitemediapop.exe -> Trojan.LowZones.am : Cleaned with backup
C:\WINDOWS\mm63.ocx_tobedeleted -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\scvhost.exe -> Backdoor.SdBot.ahj : Cleaned with backup
C:\WINDOWS\system32\loghlp.exe -> Logger.VB.eh : Cleaned with backup
C:\WINDOWS\system32\pi1_58.exe -> Downloader.Small.bue : Cleaned with backup
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.be : Cleaned with backup
C:\WINDOWS\Temp\F0E46.tmp/Quicklinks.exe -> Adware.MDH : Cleaned with backup
C:\WINDOWS\winsysupd.exe -> Hijacker.StartPage.ahg : Cleaned with backup
::Report End
I admit I surf the pr0n. :-p
#4
jbruskii
-
- New Member
-
- 9 posts
New Member
Posted 21 January 2006 - 07:50 PM
Logfile of HijackThis v1.99.1
Scan saved at 7:40:45 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A0DC235-278F-2379-A4ED-04D58A2CE3BB} - C:\WINDOWS\system32\qlbjnzhi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Laser mouse] "C:\Program Files\Laser Center\Laser Sensor Mouse\Panel.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [\\gigantor\EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P30 "\\gigantor\EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
#5
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 21 January 2006 - 08:05 PM
I suggest you do this:
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.
Please do not delete anything unless instructed to.
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2A0DC235-278F-2379-A4ED-04D58A2CE3BB} - C:\WINDOWS\system32\qlbjnzhi.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
Close ALL windows and browsers except HijackThis and click "Fix checked"
Restart in Safe Mode:
Restart your computer.
Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.
delete these folders if listed:
C:\Program Files\ULI5289
delete these files if listed:
C:\Program Files\ULI5289\ALi5289.exe
C:\windows\winsysban.exe
Open C:\Windows\Prefetch\ Delete ALL files in this folder.
Do this also if these Temp Folders are part of your OS.
Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Empty the Recycle Bin
Reboot and "copy/paste" a new HijackThis log file into this thread.
Also please describe how your computer behaves at the moment.
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.
Please do not delete anything unless instructed to.
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2A0DC235-278F-2379-A4ED-04D58A2CE3BB} - C:\WINDOWS\system32\qlbjnzhi.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
Close ALL windows and browsers except HijackThis and click "Fix checked"
Restart in Safe Mode:
Restart your computer.
Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.
delete these folders if listed:
C:\Program Files\ULI5289
delete these files if listed:
C:\Program Files\ULI5289\ALi5289.exe
C:\windows\winsysban.exe
Open C:\Windows\Prefetch\ Delete ALL files in this folder.
Do this also if these Temp Folders are part of your OS.
Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Empty the Recycle Bin
Reboot and "copy/paste" a new HijackThis log file into this thread.
Also please describe how your computer behaves at the moment.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#6
jbruskii
-
- New Member
-
- 9 posts
New Member
Posted 21 January 2006 - 11:06 PM
I followed all your instructions and deleted everything you listed. My computer has been running for about a half hour and I haven't encountered any popups. It seems like there are less processes running now. Below is my hijackthis log taken when I rebooted out of safe mode. I really appreciate you taking the time to help me.
Also, I recently installed an ATI video card and was wondering if I should just delete the NVIDIA drivers from my pc, since I noticed highjackthis listed a couple of nvidia features. Thanks again.
**********
Logfile of HijackThis v1.99.1
Scan saved at 10:33:33 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hijack this\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Laser mouse] "C:\Program Files\Laser Center\Laser Sensor Mouse\Panel.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [\\gigantor\EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P30 "\\gigantor\EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
#7
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 21 January 2006 - 11:09 PM
You can if you like.Also, I recently installed an ATI video card and was wondering if I should just delete the NVIDIA drivers from my pc,
Good Job
Log looks good
How is it running any issues?Note: This will remove all previous Restore Points
Turn off System Restore:
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer, turn it back on.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.
Click Start> My Computer, select the Tools menu and then Folder Options, after the new window appears select the View tab…]
This time select the: Restore Defaults
Select: Apply, and click OK
If you dont have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your resticted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.
It is critical to have both a firewall and anti virus to protect your system.
Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.
Safe Surfing.
I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#8
jbruskii
-
- New Member
-
- 9 posts
New Member
Posted 22 January 2006 - 02:30 AM
Thanks for all the information. I feel a bit overwhelmed with all of it, but I managed to slowly work my way through it. I installed all the programs you listed including the firewall and anti-virus program. My only concern about having all these programs running is that they will conflict with one another. I realize that was addressed in Tony Klein's "So how did I get infected in the first place?". I only have one firewall and anti-virus program, so I should be fine.
The machine has been running excellent with no popups to speak of. My box is much more secure than it was previously. Thanks for all your help. I feel like I should be posting another hijackthis log. 
#9
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 22 January 2006 - 06:26 AM
Looks like I missed one 
I suggest you do this:
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
Close ALL windows and browsers except HijackThis and click "Fix checked"
Delete these Files if listed:
C:\WINDOWS\scvhost.exe <--Be careful with the spelling, make sure you only delete scvhost.exe
Empty Recycle Bin.
Restart your computer.
Reboot and "copy/paste" a new log file into this thread.
I suggest you do this:
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
Close ALL windows and browsers except HijackThis and click "Fix checked"
Delete these Files if listed:
C:\WINDOWS\scvhost.exe <--Be careful with the spelling, make sure you only delete scvhost.exe
Empty Recycle Bin.
Restart your computer.
Reboot and "copy/paste" a new log file into this thread.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#10
jbruskii
-
- New Member
-
- 9 posts
New Member
Posted 22 January 2006 - 01:50 PM
I was wondering what that entry was since it had Unknown Owner next to it. I didn't find the scvhost.exe in my Windows directory. Here is my hijackthis log after the reboot.
**********
Logfile of HijackThis v1.99.1
Scan saved at 1:39:54 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Laser Center\Laser Sensor Mouse\Panel.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\hijack this\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Laser mouse] "C:\Program Files\Laser Center\Laser Sensor Mouse\Panel.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [\\gigantor\EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P30 "\\gigantor\EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Now you can witness all the programs I installed based off your input.
Register to Remove
#11
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 22 January 2006 - 01:54 PM
It's still there.
Close all windows and browsers.
Open HijackThis
Click on Open Misc Tools
Click on Delete a File On Reboot
Click once on the file below to select it:
C:\WINDOWS\scvhost.exe
Click on the Back button to exit Process Manager
Now, back at the main screen of HijackThis, proceed to Scan.
and put a check by these.
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
Close ALL windows and browsers except HijackThis and click "Fix checked"
Reboot and post a new HJT log.
Close all windows and browsers.
Open HijackThis
Click on Open Misc Tools
Click on Delete a File On Reboot
Click once on the file below to select it:
C:\WINDOWS\scvhost.exe
Click on the Back button to exit Process Manager
Now, back at the main screen of HijackThis, proceed to Scan.
and put a check by these.
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
Close ALL windows and browsers except HijackThis and click "Fix checked"
Reboot and post a new HJT log.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#12
jbruskii
-
- New Member
-
- 9 posts
New Member
Posted 22 January 2006 - 05:51 PM
I couldn't click on the file due to it not being in the directory but I guided hijackthis to the Windows directory and typed in the file (scvhost.exe) to delete on reboot. Here is my new HJT log.
**********
Logfile of HijackThis v1.99.1
Scan saved at 5:43:53 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Laser Center\Laser Sensor Mouse\Panel.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\hijack this\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Laser mouse] "C:\Program Files\Laser Center\Laser Sensor Mouse\Panel.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [\\gigantor\EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P30 "\\gigantor\EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
#13
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 22 January 2006 - 05:53 PM
Good jobI couldn't click on the file due to it not being in the directory but I guided hijackthis to the Windows directory and typed in the file (scvhost.exe) to delete on reboot
All looks great. How's it running?
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#14
jbruskii
-
- New Member
-
- 9 posts
New Member
Posted 22 January 2006 - 06:00 PM
I definitely haven't encountered any popups, so I'm very pleased to get rid of all the malware that was on my PC. Thanks again for taking the time to help me. Now my PC can finally go back to being malware free like it was a couple weeks ago when I reformatted (and have higher security measures to boot).
#15
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 22 January 2006 - 06:07 PM
Lets clean-up.
Please download System Security Suite. Extract it from the zip file into a folder.
here.
Run 3S under “Items To Clear” tab place a checkmark in all of them but the last.
Reboot and Rescan with HJT and post a new log here.
Also please describe how your computer behaves now.
Please download System Security Suite. Extract it from the zip file into a folder.
here.
Run 3S under “Items To Clear” tab place a checkmark in all of them but the last.
Reboot and Rescan with HJT and post a new log here.
Also please describe how your computer behaves now.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
2 user(s) are reading this topic
0 members, 2 guests, 0 anonymous users
