|
|
|
computer problems plz help
|
|
Member
|
6. October 2006 @ 22:47 |
Link to this message
|
|
my computer has gotting very slow just in a day i dont know whats worng with it. it takes at least 5 min to start up rather than just a min. the cpu usage is allways high about 90-100 and sound effects are lagy and so is mouse. i used nod32 antivirus system to do a full system cheeck and spydoctor and nothing showed up. also i keep getting a msg box that says
"data execution prevention-microsoft windows
to help protect your computer, windows has closed this program.
name: Windows Explorer
Publisher: Microsoft corporation"
and the only buttion i can choose is close message
what should i do to fix this problem
sorry for grammer errors and other stuff
thanks in advance
|
|
Advertisement
|
|
|
|
Senior Member
|
6. October 2006 @ 22:57 |
Link to this message
|
Hello redhouse,
Download HijackThis.
Create a folder in C: named HjT.
Extract the file to the new folder.
Open HijackThis.exe.
Click "Do a system scan and save a log file".
Post that log file in you next reply.
|
Member
|
6. October 2006 @ 23:02 |
Link to this message
|
Logfile of HijackThis v1.99.1
Scan saved at 3:01:09 AM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LClock\LClock.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1159844513\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Diablo II\Game.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\John\Desktop\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {400741D2-9379-42DD-BED9-D7DBF9185DFC} - C:\WINDOWS\awvectp.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Documents and Settings\John\Desktop\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\oobrynyo.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DOCUME~1\John\Desktop\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159844513\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PSPHost] "C:\Program Files\PSPHost\PSPHost.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DOCUME~1\John\Desktop\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {554F4AD7-8432-4F08-F306-650E5F1558DA} - http://85.255.113.214/1/gdnUS2339.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1159216013454
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1159215978798
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2405.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: awvectp - C:\WINDOWS\awvectp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: File Security Kernel Anti-Spyware Driver (ikhfile) - PCTools Research Pty Ltd. - C:\Documents and Settings\John\Desktop\Spyware Doctor\ikhfile.sys
O23 - Service: Kernel Anti-Spyware Driver (ikhlayer) - PCTools Research Pty Ltd. - C:\Documents and Settings\John\Desktop\Spyware Doctor\ikhlayer.sys
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Documents and Settings\John\Desktop\Spyware Doctor\SDhelper.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
is this what your looking for thanks 4 quick reply
|
Senior Member
|
6. October 2006 @ 23:38 |
Link to this message
|
Yes, thank you.
Download VundoFix to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Go here to download the trial version of AVG Anti-spyware.
Install and update.
Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu and press Enter).
Open AVG AS and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report".
Click "Save report as" and save it to the desktop.
Post the contents of C:\vundofix.txt, the AVG report and a new HijackThis log.
This message has been edited since posting. Last time this message was edited on 6. October 2006 @ 23:39
|
Member
|
7. October 2006 @ 16:31 |
Link to this message
|
VundoFix V6.2.0
Checking Java version...
Java version is 1.5.0.6
Scan started at 3:41:08 AM 10/7/2006
Listing files found while scanning....
C:\WINDOWS\system32\nxuxjkwa.dll
C:\WINDOWS\system32\tnvafhyc.dll
C:\WINDOWS\system32\wyjtkqqi.dll
C:\WINDOWS\system32\hivvkfyv.exe
C:\WINDOWS\awvectp.dll
C:\WINDOWS\ptcevwa.ini
C:\WINDOWS\ptcevwa.bak1
C:\WINDOWS\ptcevwa.ini2
C:\WINDOWS\ptcevwa.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\nxuxjkwa.dll
C:\WINDOWS\system32\nxuxjkwa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tnvafhyc.dll
C:\WINDOWS\system32\tnvafhyc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wyjtkqqi.dll
C:\WINDOWS\system32\wyjtkqqi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hivvkfyv.exe
C:\WINDOWS\system32\hivvkfyv.exe Has been deleted!
Attempting to delete C:\WINDOWS\awvectp.dll
C:\WINDOWS\awvectp.dll Could not be deleted.
Attempting to delete C:\WINDOWS\ptcevwa.ini
C:\WINDOWS\ptcevwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\ptcevwa.bak1
C:\WINDOWS\ptcevwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\ptcevwa.ini2
C:\WINDOWS\ptcevwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\ptcevwa.tmp
C:\WINDOWS\ptcevwa.tmp Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\awvectp.dll
C:\WINDOWS\awvectp.dll Has been deleted!
Performing Repairs to the registry.
Done!
this is the C:\vundofix.txt
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:28:39 PM 10/7/2006
+ Scan result:
HKLM\SOFTWARE\Microsoft\VisualStudio\Analyzer\Events\{6C736D71-BCBF-11D0-8A23-00AA00B58E10} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\CPIV41UB\c[1].htm -> Hijacker.Linker.b : Cleaned with backup (quarantined).
C:\VundoFix Backups\nxuxjkwa.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\tnvafhyc.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\wyjtkqqi.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\8PHGFQFY\SysProtectScannerInstall[1].cab/USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\8PHGFQFY\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Program Files\ESET\infected\OBSEEHAA.NQF -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.262:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.263:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.264:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.265:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.266:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cneteurope.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.140:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.212:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.284:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.370:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.494:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.496:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.620:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.654:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.670:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.70:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.71:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.72:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.74:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.75:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\John\Cookies\john@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\John\Cookies\john@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.226:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\John\Cookies\john@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.63:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\John\Cookies\john@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.562:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.399:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.400:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\John\Cookies\john@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.43:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\John\Cookies\john@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.336:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.337:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.338:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\John\Cookies\john@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.65:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.66:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.384:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.61:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.378:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.379:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.36:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.559:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.560:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\John\Cookies\john@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.393:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.394:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.141:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.142:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.143:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.167:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.610:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\John\Cookies\john@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\John\Cookies\john@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.392:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\John\Cookies\john@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\John\Cookies\john@trafficmp[3].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.415:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.44:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.45:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.46:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.47:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.48:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.49:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.428:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.333:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.334:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.335:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\oobrynyo.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
this is AVG Anti Spyware report
Logfile of HijackThis v1.99.1
Scan saved at 8:30:25 PM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John\Desktop\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {400741D2-9379-42DD-BED9-D7DBF9185DFC} - C:\WINDOWS\awvectp.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Documents and Settings\John\Desktop\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\oobrynyo.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DOCUME~1\John\Desktop\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159844513\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PSPHost] "C:\Program Files\PSPHost\PSPHost.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DOCUME~1\John\Desktop\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {554F4AD7-8432-4F08-F306-650E5F1558DA} - http://85.255.113.214/1/gdnUS2339.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1159216013454
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1159215978798
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2405.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: File Security Kernel Anti-Spyware Driver (ikhfile) - PCTools Research Pty Ltd. - C:\Documents and Settings\John\Desktop\Spyware Doctor\ikhfile.sys
O23 - Service: Kernel Anti-Spyware Driver (ikhlayer) - PCTools Research Pty Ltd. - C:\Documents and Settings\John\Desktop\Spyware Doctor\ikhlayer.sys
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Documents and Settings\John\Desktop\Spyware Doctor\SDhelper.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
this is HijackThis log
|
Senior Member
|
7. October 2006 @ 16:59 |
Link to this message
|
HijackThis was run in safe mode, next log please run the scan in normal mode.
Go here and download CWShredder.
Open cwshredder.exe
Click "Scan only".
If anything is found, click "Fix ->"
If nothing is found, click "Next"
Exit CWShredder.
If you did not install VSToolBar go to Add/Remove Programs and uninstall it.
Then delete the folder: C:\Program Files\VSToolBar
Run a scan only with HijackThis, check these(if there):
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {400741D2-9379-42DD-BED9-D7DBF9185DFC} - C:\WINDOWS\awvectp.dll (file missing)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\oobrynyo.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll Only if you uninstalled VSToolBar.
O16 - DPF: {554F4AD7-8432-4F08-F306-650E5F1558DA} - http://85.255.113.214/1/gdnUS2339.exe
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2405.exe
Close all windows except HijackThis, then click "Fix checked".
Then, go here and download ATF Cleaner.
Open AFT Cleaner.
Check "Select All".
Click "Empty Selected".
Restart and post a new HijackThis log.
How are things?
|
Member
|
7. October 2006 @ 17:55 |
Link to this message
|
Logfile of HijackThis v1.99.1
Scan saved at 9:54:31 PM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1159844513\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John\Desktop\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Documents and Settings\John\Desktop\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DOCUME~1\John\Desktop\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159844513\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PSPHost] "C:\Program Files\PSPHost\PSPHost.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DOCUME~1\John\Desktop\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1159216013454
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1159215978798
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: File Security Kernel Anti-Spyware Driver (ikhfile) - PCTools Research Pty Ltd. - C:\Documents and Settings\John\Desktop\Spyware Doctor\ikhfile.sys
O23 - Service: Kernel Anti-Spyware Driver (ikhlayer) - PCTools Research Pty Ltd. - C:\Documents and Settings\John\Desktop\Spyware Doctor\ikhlayer.sys
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Documents and Settings\John\Desktop\Spyware Doctor\SDhelper.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
still the same and very high cpu usage
|
Senior Member
|
7. October 2006 @ 18:12 |
Link to this message
|
Hmm, your log is clean now.
Press Ctrl+Alt+Del > Processes tab. What program is using a high CPU and memory usage?
Go here and run Kaspersky Online Scanner.
Accept the terms.
After downloading, click "My Computer".
After scanning, click "Save report as".
Save as a text file and post it here.
|
Member
|
7. October 2006 @ 18:57 |
Link to this message
|
its hard to tell what is high.
its just not the same as before this happen
i can see a little improvements like mouse it not skipping around the screen when i move it
but i can tell its not the same because when i try to play a computer games it skips stops lag
and it used to play perfict before
when i try to play a movie it skips and repits and frame rate is realy bad not like before
also stupid things take up the cpu like refreshing a webpage
extracting things from WinRAR
and other small things that shouldent take up all the cpu
i cant run Kaspersky Online Scanner dont know y. when i try to click accept it doesent do anything
This message has been edited since posting. Last time this message was edited on 7. October 2006 @ 19:10
|
Senior Member
|
7. October 2006 @ 20:23 |
Link to this message
|
Go here and run ActiveScan. When it finishes, save the resutls and post them.
|
Member
|
8. October 2006 @ 14:55 |
Link to this message
|
|
Incident Status Location
Adware:Adware/Lop Not disinfected C:\Documents and Settings\John\Application Data\ezpinst.exe
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.overture.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\qmfvp0jj.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b2mq7mig.default\cookies.txt[.fortunecity.com/]
|
Senior Member
|
8. October 2006 @ 18:51 |
Link to this message
|
Open HijackThis.
Click "Open the Misc Tools section"
Click "Generate StartupList log.
Click Yes.
Post that log.
|
Member
|
8. October 2006 @ 19:47 |
Link to this message
|
StartupList report, 10/8/2006, 11:47:07 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\John\Desktop\HijackThis_v1.99.1.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5450.0004)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1159844513\ee\AOLSoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Diablo II\Game.exe
C:\Documents and Settings\John\Desktop\HijackThis_v1.99.1.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Bluetooth.lnk = ?
HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ehTray = C:\WINDOWS\ehome\ehtray.exe
ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Default) =
QPService = "C:\Program Files\HP\QuickPlay\QPService.exe"
eabconfg.cpl = C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
RecGuard = C:\Windows\SMINST\RecGuard.exe
hpWirelessAssistant = C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe
D_V_T = C:\\dvt.exe /S \C:\\d_v_t.reg\
HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
LClock = C:\Program Files\LClock\LClock.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HostManager = C:\Program Files\Common Files\AOL\1159844513\ee\AOLSoftware.exe
IPHSend = C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {B56A7D7D-6927-48C8-A975-17DF180C71AC}
--------------------------------------------------
Enumerating Download Program Files:
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/microsoftupd...b?1159216013454
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupd...b?1159215978798
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 7,062 bytes
Report generated in 0.047 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
|
Senior Member
|
8. October 2006 @ 23:09 |
Link to this message
|
Show hidden files and folders.
Control Panel > Folder Options > View tab > check "show hidden files and folders".
Delete this file:
C:\Documents and Settings\John\Application Data\ezpinst.exe
If access is denied delete it in safe mode.
Run ATF Cleaner to clean cookies. Click Firefox from menu.
Restart.
Still high CPU usage?
|
Member
|
9. October 2006 @ 09:23 |
Link to this message
|
|
yep
|
Senior Member
|
9. October 2006 @ 11:04 |
Link to this message
|
|
Damn. I hate to send you to run another online scan, but can you run Kaspersky Online Scan now? Be sure to use Internet Explorer.
|
Member
|
9. October 2006 @ 15:00 |
Link to this message
|
|
This message has been edited since posting. Last time this message was edited on 9. October 2006 @ 15:06
|
Senior Member
|
9. October 2006 @ 17:52 |
Link to this message
|
|
Member
|
10. October 2006 @ 08:21 |
Link to this message
|
|
it said it found 8 viruses and deleted them and so many infected files i forgot to save the report for it is there any way i can get it back and show u
This message has been edited since posting. Last time this message was edited on 10. October 2006 @ 09:00
|
Senior Member
|
10. October 2006 @ 12:37 |
Link to this message
|
|
Nah, you'd have to run it again, and they wouldn't be there. Do you remember any names?
How are things now? Internet working in normal mode?
Post a new HijackThislog.
|
Member
|
10. October 2006 @ 14:47 |
Link to this message
|
Logfile of HijackThis v1.99.1
Scan saved at 6:46:24 PM, on 10/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1159844513\ee\AOLSoftware.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\John\Desktop\HijackThis_v1.99.1.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SoftwareDistribution\Download\fde4a5af73d5aee9b5faba71cbff1d6c\update\update.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159844513\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1159216013454
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1159215978798
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: File Security Kernel Anti-Spyware Driver (ikhfile) - Unknown owner - C:\Documents and Settings\John\Desktop\Spyware Doctor\ikhfile.sys (file missing)
O23 - Service: Kernel Anti-Spyware Driver (ikhlayer) - Unknown owner - C:\Documents and Settings\John\Desktop\Spyware Doctor\ikhlayer.sys (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Documents and Settings\John\Desktop\Spyware Doctor\SDhelper.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
still not running well
|
Senior Member
|
10. October 2006 @ 18:40 |
Link to this message
|
I'm assuming this "update" running is not good.
Go to Jotti's malware scan.
Copy/Paste this file into "File to upload and scan".
C:\WINDOWS\SoftwareDistribution\Download\fde4a5af73d5aee9b5faba71cbff1d6c\update\update.exe
Click Submit.
Post the resutls in your next reply.
|
Member
|
10. October 2006 @ 18:57 |
Link to this message
|
|
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
|
Senior Member
|
10. October 2006 @ 19:31 |
Link to this message
|
Guess not.
Go here and download Spybot Search and Destroy.
Run in safe mode.
Click "Check for Updates".
Click "Search for Updates".
Select all and click "Download Updates".
After updating, click "Search and Destroy".
Click "Check for Problems".
When it finishes, click "Fix selected problems".
Right click and select "Copy results" (not full report)
Paste them in your next reply if anything was found.
|
|
Advertisement
|
|
|
Member
|
10. October 2006 @ 20:02 |
Link to this message
|
CoolWWWSearch.Compstuic: Data (File, fixed)
C:\WINDOWS\gsc307.ggs
Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
AstaKiller: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\MezziaCodec.Chl
AstaKiller: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
SeachToolbarCorp.ToolbarVision: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2540899815-763274292-1888576114-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{821F87FF-8245-4972-9E28-732E92EC2F51}
SeachToolbarCorp.ToolbarVision: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2540899815-763274292-1888576114-1005\Software\Search Toolbar Corp
SeachToolbarCorp.ToolbarVision: Program directory (Directory, fixed)
C:\Documents and Settings\John\Application Data\SearchToolbarCorp\
SeachToolbarCorp.ToolbarVision: Program directory (Directory, fixed)
C:\Documents and Settings\John\Application Data\SearchToolbarCorp\Toolbar Vision\
SeachToolbarCorp.ToolbarVision: Text file (File, fixed)
C:\Documents and Settings\John\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
SeachToolbarCorp.ToolbarVision: Text file (File, fixed)
C:\Documents and Settings\John\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
CasaleMedia: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-10-10 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-10-06 Includes\Cookies.sbi (*)
2006-10-06 Includes\Dialer.sbi (*)
2006-10-06 Includes\Hijackers.sbi (*)
2006-10-06 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-06 Includes\Malware.sbi (*)
2006-10-06 Includes\PUPS.sbi (*)
2006-10-06 Includes\Revision.sbi (*)
2006-10-06 Includes\Security.sbi (*)
2006-10-06 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-10-06 Includes\Trojans.sbi (*)
hope thats it
|
|
