
Crashing computer and cannot remove spyware



#1 cfloyd

Posted 17 February 2006 - 09:42 PM

Here is my log...

Logfile of HijackThis v1.99.1
Scan saved at 10:23:28 PM, on 17/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Family\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\WindowsUpdate\wupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116875361155
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall....ivex/hcImpl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\dnns0157e.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

I have tried removing entries, but they keep coming back. The homesite+.exe keeps popping up. It also disabled my LAN connection; I re-enabled it but don't know if I will lose it again.


Thanks in advance for any help that is given.


#2 cfloyd

Posted 17 February 2006 - 11:54 PM

I downloaded the ewido software and ran it in safe mode. Here is my HijackThis result after:

Logfile of HijackThis v1.99.1
Scan saved at 12:50:39 AM, on 18/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Documents and Settings\Family\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\WindowsUpdate\wupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116875361155
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O20 - Winlogon Notify: OfficeUpdate - C:\WINDOWS\system32\n0p40a7qed.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe


Here is the output of the ewido software. I am still receiving pop-ups and rundll errors.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:27:57 AM, 18/02/2006
+ Report-Checksum: B3B9A339

+ Scan result:

[652] C:\WINDOWS\system32\acioglxx.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\SecTaskMan\netmon.exe.q_17E87001_q -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ryhbuohh.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\2KR4OV29\AppWrap[1].exe -> Adware.Zestyfind : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Linkbuddies : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Matthew\Cookies\Application Data\Mozilla\Firefox\Profiles\6c9bf4r4.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@logodesignpros.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@tgn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Matthew\Local Settings\Temp\iA4.tmp -> Adware.SurfSide : Cleaned with backup
C:\Downloads\SchoolTycoonSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\ShrineCircusTycoonSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\quarantine\snd-need-funinja1.cracked.exe.exe.part.Vir/run.exe -> Downloader.PassAlert.i : Error during cleaning
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\WINDOWS\iconu.exe -> Adware.Zestyfind : Cleaned with backup
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\acioglxx.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cBbinet.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cygmgr32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\czutil.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\hszcoi07.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\iiss.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kedtat.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mrndex.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\oxexl32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pcnppagn.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\stmedia.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wvninet.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wzvcore.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\wqqxhtx.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\wqqxhtxA.exe -> Hijacker.VB.ij : Cleaned with backup
:mozilla.36:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\bhnfd9si.matt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.60:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\bhnfd9si.matt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.61:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\bhnfd9si.matt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\bhnfd9si.matt\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.86:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\bhnfd9si.matt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.92:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\bhnfd9si.matt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.105:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\bhnfd9si.matt\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.125:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\bhnfd9si.matt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.134:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\bhnfd9si.matt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.151:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\bhnfd9si.matt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.178:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\bhnfd9si.matt\cookies.txt -> TrackingCookie.Thunderdownloads : Cleaned with backup
:mozilla.179:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\bhnfd9si.matt\cookies.txt -> TrackingCookie.Thunderdownloads : Cleaned with backup
:mozilla.56:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.61:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.142:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.148:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.253:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.254:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.255:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.256:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.282:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.283:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.284:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.285:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.357:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.375:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.376:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.466:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.474:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.477:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.514:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.589:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.591:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.626:F:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\st4rbib9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
F:\Documents and Settings\Matthew\Cookies\matthew@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
F:\Documents and Settings\Matthew\Cookies\matthew@ads20.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
F:\Documents and Settings\Matthew\Cookies\matthew@com[2].txt -> TrackingCookie.Com : Cleaned with backup
F:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wfloanc5ofp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\BkUY5i.exe -> Downloader.IstBar : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\CCZhPO.exe -> Downloader.IstBar : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\CliprexTTIL.exe -> Adware.EZula : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\Cookies\matthew@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\cqGGNr.exe -> Downloader.IstBar : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\DEf4Mh.exe -> Downloader.IstBar : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\FdnDKQ.exe -> Downloader.IstBar : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\fJle3Z.exe -> Downloader.IstBar : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\G4ekIE.exe -> Downloader.IstBar : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\ICD2.tmp\ccbar.dll -> Adware.SearchIt : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\iinstall.exe -> Downloader.IstBar : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\O1by4G.exe -> Downloader.IstBar : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\OCKAkP.exe -> Downloader.IstBar : Cleaned with backup
F:\Documents and Settings\Matthew\Local Settings\Temp\tMR04j.exe -> Downloader.IstBar : Cleaned with backup
F:\Program Files\Microsoft AntiSpyware\Quarantine\0140320E-FC47-462F-B8C6-8B9908\1C99016E-41CB-4417-AE5D-EDCCF1 -> Downloader.IstBar : Cleaned with backup
F:\Program Files\Microsoft AntiSpyware\Quarantine\1A1A38E5-5640-4BD1-80CA-B1567E\7BA9D58B-7B52-4C9A-B090-71134D -> Downloader.IstBar : Cleaned with backup
F:\Program Files\Microsoft AntiSpyware\Quarantine\2A9B1339-49C8-4902-B364-C7A82A\11F9859B-809F-48F8-99BE-D2F815 -> Downloader.IstBar : Cleaned with backup
F:\Program Files\Microsoft AntiSpyware\Quarantine\6B117BDE-3610-4C15-B121-79D948\712EE7F0-3E1B-4568-A1F1-006108 -> Downloader.IstBar : Cleaned with backup
F:\Program Files\Microsoft AntiSpyware\Quarantine\712AF637-4FA8-4BFF-989A-33BC9C\09048C80-8182-4C31-82F7-579E9F -> Downloader.IstBar : Cleaned with backup
F:\Program Files\Microsoft AntiSpyware\Quarantine\9A484C29-29CA-4A1B-84ED-C566E5\F85A5C61-EE9C-45F1-B0FE-30719F -> Downloader.IstBar : Cleaned with backup
F:\Program Files\Microsoft AntiSpyware\Quarantine\CE3B15FB-BC78-4519-B94B-0A3795\544DE029-F470-4A4D-A0F8-650D6E -> Downloader.IstBar : Cleaned with backup
F:\Program Files\Microsoft AntiSpyware\Quarantine\EC747E2E-F3A9-42D0-A069-AC9DE0\98B94FE8-AEFE-40B5-9BDE-118A11 -> Adware.WebRebates : Cleaned with backup
F:\Program Files\Microsoft AntiSpyware\Quarantine\EC747E2E-F3A9-42D0-A069-AC9DE0\C98C16B6-8DFE-43E3-9A63-2F6FC9 -> Adware.WebRebates : Cleaned with backup


::Report End

#3 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 18 February 2006 - 02:31 AM

Hello cfloyd and Welcome to TomCoyote,

Look2Me

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

You may receive a pop-up asking if you will allow a script to run when you perform the following instructions. Please allow the script to run.

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application." ...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#4 cfloyd

Posted 18 February 2006 - 10:03 AM

Hi Susan, Here is the output from the command you requested I run

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fp8s03l7e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5C27B5A4-56E7-4AA6-276F-5E4244227E3E}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{724645C2-6691-47FD-88CC-D0AC287A2DB0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{724645C2-6691-47FD-88CC-D0AC287A2DB0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{724645C2-6691-47FD-88CC-D0AC287A2DB0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{724645C2-6691-47FD-88CC-D0AC287A2DB0}\InprocServer32]
@="C:\\WINDOWS\\system32\\stmedia.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{06188843-2098-4901-8389-955D3E9172A3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06188843-2098-4901-8389-955D3E9172A3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06188843-2098-4901-8389-955D3E9172A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06188843-2098-4901-8389-955D3E9172A3}\InprocServer32]
@="C:\\WINDOWS\\system32\\marui.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
ati2cqag.dll Wed Jan 4 2006 10:05:36p A.... 237,568 232.00 K
ati2dvag.dll Wed Jan 4 2006 10:47:00p A.... 252,928 247.00 K
ati2edxx.dll Wed Jan 4 2006 10:41:12p A.... 40,960 40.00 K
ati2evxx.dll Wed Jan 4 2006 10:41:00p A.... 61,440 60.00 K
ati3duag.dll Wed Jan 4 2006 10:31:28p A.... 2,518,176 2.40 M
atiddc.dll Wed Jan 4 2006 10:39:22p A.... 53,248 52.00 K
atidemgr.dll Wed Jan 4 2006 9:22:04p A.... 258,048 252.00 K
atiiiexx.dll Wed Jan 4 2006 10:19:00p A.... 307,200 300.00 K
atikvmag.dll Wed Jan 4 2006 10:11:38p A.... 151,552 148.00 K
atioglx1.dll Wed Jan 4 2006 10:20:06p A.... 6,684,672 6.38 M
atioglxx.dll Wed Jan 4 2006 10:01:34p A.... 4,968,448 4.74 M
atipdlxx.dll Wed Jan 4 2006 10:41:42p A.... 110,592 108.00 K
atitvo32.dll Wed Jan 4 2006 10:10:58p A.... 17,408 17.00 K
ativvaxx.dll Wed Jan 4 2006 10:25:12p A.... 862,336 842.13 K
browseui.dll Wed Nov 23 2005 8:06:34p A.... 1,022,464 998.50 K
fp8s03~1.dll Sat Feb 18 2006 1:07:52a ..S.R 234,179 228.69 K
gdi32.dll Wed Dec 28 2005 9:54:36p A.... 280,064 273.50 K
jt2607~1.dll Sat Feb 18 2006 10:55:00a ..S.R 234,806 229.30 K
marui.dll Sat Feb 18 2006 10:55:00a ..S.R 234,179 228.69 K
mshtml.dll Wed Nov 23 2005 8:06:34p A.... 3,015,680 2.88 M
oemdspif.dll Wed Jan 4 2006 10:41:26p A.... 77,824 76.00 K
shdocvw.dll Wed Nov 30 2005 10:59:30p A.... 1,492,480 1.42 M
sintf16.dll Wed Feb 15 2006 5:38:28p A.... 12,067 11.78 K
sintf32.dll Wed Feb 15 2006 5:38:28p A.... 17,212 16.81 K
sintfnt.dll Wed Feb 15 2006 5:38:28p A.... 21,840 21.33 K
sporder.dll Sun Jan 8 2006 2:15:58p A.... 8,464 8.27 K
webclnt.dll Tue Jan 3 2006 10:35:06p A.... 68,096 66.50 K
wmfhot~1.dll Mon Jan 2 2006 5:23:16p A.... 3,584 3.50 K
wmp.dll Tue Dec 6 2005 6:02:16a A.... 5,533,696 5.28 M
__dele~1.dll Sat Feb 18 2006 12:29:22a A.... 234,179 228.69 K

30 items found: 30 files (3 H/S), 0 directories.
Total of file sizes: 29,015,390 bytes 27.67 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\
atmtdd~1.tmp Thu Feb 16 2006 8:35:48p A.... 0 0.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 0 bytes 0.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 7837-C8C6

Directory of C:\WINDOWS\System32

18/02/2006 10:54 AM 234,179 marui.dll
18/02/2006 10:54 AM 234,806 jt2607fse.dll
18/02/2006 01:07 AM 234,179 fp8s03l7e.dll
18/02/2006 12:45 AM <DIR> dllcache
26/12/2005 12:51 PM 1,994 KGyGaAvL.sys
26/12/2005 12:50 PM 56 123FD5161A.sys
02/09/2005 12:22 AM 259,887 rerolpxei.dat
24/07/2005 09:23 AM 32 rerolpxei.le
23/05/2005 02:52 PM <DIR> Microsoft
7 File(s) 965,133 bytes
2 Dir(s) 114,194,309,120 bytes free

Thanks again

#5 Susan528

Posted 18 February 2006 - 11:42 AM

Hello cfloyd,

Please do the following:

======
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so! DO NOT run in safe mode!!

Note: Once the pc has restarted, if a log does not appear or the icons didn't disappear, run the "second.bat" located inside the L2mfix folder.

After the fix portion is done, please run the option to restore the winlogon defaults (menu option 4), as most of the notify key is missing. After you do that, post an option 1 log again.

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#6 cfloyd

Posted 18 February 2006 - 10:10 PM

I think that fixed it. My computer is running well again. Thanks! Here is the l2mfix log:

L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 348 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 476 'winlogon.exe'
Killing PID 476 'winlogon.exe'
Killing PID 476 'winlogon.exe'
Killing PID 476 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1356 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1220 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINDOWS\system32\__delete_on_reboot__n0p40a7qed.dll
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__n0p40a7qed.dll
Deleting: C:\WINDOWS\system32\fp8s03l7e.dll
Successfully Deleted: C:\WINDOWS\system32\fp8s03l7e.dll
Deleting: C:\WINDOWS\system32\jt2607fse.dll
Successfully Deleted: C:\WINDOWS\system32\jt2607fse.dll
Deleting: C:\WINDOWS\system32\marui.dll
Successfully Deleted: C:\WINDOWS\system32\marui.dll

msg11?.dll
0 file(s) copied.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fp8s03l7e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\__delete_on_reboot__n0p40a7qed.dll
C:\WINDOWS\system32\fp8s03l7e.dll
C:\WINDOWS\system32\jt2607fse.dll
C:\WINDOWS\system32\marui.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{724645C2-6691-47FD-88CC-D0AC287A2DB0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{724645C2-6691-47FD-88CC-D0AC287A2DB0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{724645C2-6691-47FD-88CC-D0AC287A2DB0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{724645C2-6691-47FD-88CC-D0AC287A2DB0}\InprocServer32]
@="C:\\WINDOWS\\system32\\stmedia.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{06188843-2098-4901-8389-955D3E9172A3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06188843-2098-4901-8389-955D3E9172A3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06188843-2098-4901-8389-955D3E9172A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06188843-2098-4901-8389-955D3E9172A3}\InprocServer32]
@="C:\\WINDOWS\\system32\\marui.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{724645C2-6691-47FD-88CC-D0AC287A2DB0}"=-
"{0C596BB2-E3D4-444D-84BA-11863FE919CF}"=-
"{06188843-2098-4901-8389-955D3E9172A3}"=-
[-HKEY_CLASSES_ROOT\CLSID\{724645C2-6691-47FD-88CC-D0AC287A2DB0}]
[-HKEY_CLASSES_ROOT\CLSID\{0C596BB2-E3D4-444D-84BA-11863FE919CF}]
[-HKEY_CLASSES_ROOT\CLSID\{06188843-2098-4901-8389-955D3E9172A3}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/fp8s03l7e.dll (164 bytes security) (deflated 4%)
adding: dlls/jt2607fse.dll (164 bytes security) (deflated 5%)
adding: dlls/marui.dll (164 bytes security) (deflated 4%)
adding: dlls/__delete_on_reboot__n0p40a7qed.dll (164 bytes security) (deflated 4%)
adding: backregs/06188843-2098-4901-8389-955D3E9172A3.reg (212 bytes security) (deflated 70%)
adding: backregs/724645C2-6691-47FD-88CC-D0AC287A2DB0.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 63%)
adding: backregs/shell.reg (164 bytes security) (deflated 74%)


Here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 11:08:22 PM, on 18/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Family\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\WindowsUpdate\wupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116875361155
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\fp8s03l7e.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe


Thanks again. Let me know if there is anything else running that I should be concerned about.
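Added example (not part of the original posts and not l2mfix's own code): the Winlogon Notify export in the log above stores two `DllName` values as `hex(2)` and one as a plain path, so this sketch decodes both forms and flags any subkey that is off an allowlist or still points at a DLL the same log reports as deleted. The function names and the two-entry `BASELINE` are assumptions made for the illustration.

```python
import re

# Excerpt of the l2mfix log from the post above, trimmed and embedded inline.
SAMPLE_LOG = r'''
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__n0p40a7qed.dll
Successfully Deleted: C:\WINDOWS\system32\fp8s03l7e.dll
Successfully Deleted: C:\WINDOWS\system32\jt2607fse.dll
Successfully Deleted: C:\WINDOWS\system32\marui.dll

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fp8s03l7e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
'''

NOTIFY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumed allowlist for this illustration: only the two subkeys the log shows
# pointing at stock DLL names. A real baseline comes from a known-clean build.
BASELINE = {"crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll"}


def decode_value(raw):
    """Decode one .reg value: dword, hex(2) (REG_EXPAND_SZ, UTF-16LE) or string."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\")  # undo .reg backslash escaping
    return raw


def parse_reg_export(text):
    """Return {key: {value_name: decoded_value}} for every [key] in the text."""
    text = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if m and current is not None:
            current[m.group(1)] = decode_value(m.group(2))
    return keys


def deleted_files(text):
    """Paths the log reports as removed, lower-cased for comparison."""
    found = re.findall(r"^Successfully Deleted: (.+)$", text, re.M)
    return {p.strip().lower() for p in found}


def audit_notify(text, baseline=BASELINE):
    """Flag Notify subkeys that are off-baseline or point at a removed DLL."""
    removed = deleted_files(text)
    findings = []
    for key, values in parse_reg_export(text).items():
        if not key.lower().startswith(NOTIFY.lower() + "\\"):
            continue  # skip the parent key and anything outside Notify
        name = key[len(NOTIFY) + 1:]
        dll = str(values.get("DllName", ""))
        expected = dll != "" and baseline.get(name, "").lower() == dll.lower()
        orphaned = dll.lower() in removed
        if not expected or orphaned:
            findings.append({"subkey": name, "dll": dll,
                             "in_baseline": expected, "orphaned": orphaned})
    return findings


if __name__ == "__main__":
    for finding in audit_notify(SAMPLE_LOG):
        print(finding)
```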

#7 Susan528

Posted 07 March 2006 - 09:22 AM

Hello cfloyd, I am so sorry that I haven't gotten back to you. Please post a new hijackthis log and let's see if anything has changed. There were a couple of minor entries which could be fixed.

#8 cfloyd

Posted 10 March 2006 - 10:50 PM

Here is my logfile. I hope it is now clean.


Logfile of HijackThis v1.99.1
Scan saved at 11:45:56 PM, on 10/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Family\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\WindowsUpdate\wupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116875361155
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

#9 Susan528

Posted 11 March 2006 - 07:10 AM

Hello cfloyd,

There is one adware application we need to remove. Please do the following:

Disable AdWatch:
Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable AdWatch:
  • Open AdAware SE.
  • Go to AdWatch User Interface.
  • Go to Tools and Preferences. At the bottom of the screen you will see 2 options Active and Automatic.
  • Active : This will turn Ad-Watch On\Off without closing it
  • Automatic : Suspicious activity will be blocked automatically
  • Uncheck both options. You can enable these after resolving your problem.
After all of the fixes are complete it is very important that you enable AdWatch again.

Disable Microsoft Windows Defender:
We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Please set your system to show all files; please see here if you're unsure how to do this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\WindowsUpdate\wupdate.exe
Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\WindowsUpdate\wupdate.exe <== file
Exit Explorer, and reboot as normal afterwards.

Please post a new hijackthis log.

#10 cfloyd

Posted 11 March 2006 - 10:35 AM

Hi,

I did have show hidden files selected, but I still could not see the c:\program files\windows update folder.
I found that folder under my old C:, which is now my F:. I deleted it, and now when I run a scan I do not see the windowsupdate anymore.

Thanks for your help.


Logfile of HijackThis v1.99.1
Scan saved at 11:29:09 AM, on 11/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Family\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116875361155
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

#11 Susan528

Posted 11 March 2006 - 10:56 AM

Hello cfloyd,

Your logs appear to be clean now. Please do the following:

STEP 1.
======
Cleanmgr
To clean temporary files:
  • Go > start > run and type cleanmgr and click OK
  • Scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
  • Click OK to remove those files.
  • Click Yes to confirm deletion.
STEP 2.( Windows XP only)
======
Prefetch Folder
Open C:\Windows\Prefetch\
Delete All files in this folder but not the Prefetch folder

STEP 3.
======
System Restore for Windows XP
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Reboot.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

STEP 4.
======
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Test your Firewall - Please test your firewall and make sure it is working properly.
    Test Firewall

  • Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.
    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers


  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • More info on how to prevent malware you can also find here (By Tony Klein)
    and here: http://wiki.castleco...nt_Re-infection
Follow this list and your potential for being infected again will reduce dramatically.

Thank you for allowing me to assist you.
