tt5.tmp.vbs script file not found error HELP HELP PLZ!
izzo62
Newbie
21. June 2008 @ 00:29
Out of nowhere I started getting a blue screen telling me there is a problem and something in programmer lingo. I can still do everything normally, sort of, but it keeps acting like I'm gonna crash, and I get the script message. Also, my desktop background is just a bright blue now for some reason. I would really appreciate the help.


Thanks 4 reading.
AfterDawn Addict
21. June 2008 @ 09:48
Hi izzo62,

Let's first do a generic cleanup and get some Logs so your problems can be analyzed...


Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Please download and install SUPERAntiSpyware Free
• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
• Under the "Configuration and Preferences", click the Preferences... button.
• Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
• Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.

• Click the "Close" button to leave the control center screen and exit the program.
• Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.
• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
• Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes" and reboot normally.
• To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.

• Click Close to exit the program.

Reboot to Normal Mode


Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
• Double-click HJTInstall.exe to install it.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch HijackThis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
• Copy/Paste the log to your next reply please.

Please reply with the HJT Log and SUPERAntiSpyware Log and we'll go from there...


2OG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
bishaym
Newbie
22. June 2008 @ 15:18
Hi,

I'm also having the EXACT same problem that started yesterday. PLEASE HELP!! I followed the directions in this post, the logs are listed below. Even after following instructions, I'm having the same problems...my computer seems to run fine but I'm having the following issues:

1. My wallpaper went to a blue screen that says "warning spyware has been detected on your computer" (which I can't change)
2. "Malware Protector 2008" keeps trying to run a scan and wants me to buy their stuff.
3. When my screensaver kicks in, a version of the blue screen of death pops up (I press esc and it goes away)
4. Upon reboot I get a pop-up of something called "BlueScreen Screen Saver Configure" with an advertisement from Sysinternals.
5. Every time I reboot I get the message "Can not find script file "C:\Documents and Settings\[Name]\Local Settings\Temp\.tt1.tmp.vbs""
------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/22/2008 at 01:33 PM

Application Version : 4.15.1000

Core Rules Database Version : 3469
Trace Rules Database Version: 1478

Scan type : Complete Scan
Total Scan Time : 02:57:30

Memory items scanned : 152
Memory threats detected : 0
Registry items scanned : 6023
Registry threats detected : 277
File items scanned : 108933
File threats detected : 34

Adware.Avenue Media
[Mkmpme] C:\PROGRAM FILES\NGNXU\IBKP.EXE
C:\PROGRAM FILES\NGNXU\IBKP.EXE
[Internet Optimizer] C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE

IEDriver (Cydoor) Stealth Redirector
[iedriver] C:\WINDOWS\SYSTEM32\IEDRIVER.EXE
C:\WINDOWS\SYSTEM32\IEDRIVER.EXE

Trojan.Downloader-WinMedia
[Winsvr] C:\WINDOWS\CPU5632.EXE
C:\WINDOWS\CPU5632.EXE

Adware.IST/ISTBar (Slotch Bar)
C:\Program Files\ISTBar\istbar.dll
C:\Program Files\ISTBar
HKU\S-1-5-21-849902339-1739560297-3031995086-1006\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Adware.Avenue Media/Internet Optimizer

Adware.MyWay

Rogue.Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\Username\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk

Adware.Tracking Cookie
.questionmarket.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
web4.realtracker.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ehg-accenture.hitbox.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ehg-accenture.hitbox.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ehg-accenture.hitbox.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.macombcountymi.gov [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.macombcountymi.gov [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
anad.tacoda.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.dmtracker.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.richmedia.yahoo.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adtech.de [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.network.realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
www.burstnet.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
www.burstbeacon.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.roiservice.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.ehg-nelnetinc.hitbox.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
adserving.autotrader.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.nbcuniversal.122.2o7.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.lenovo.112.2o7.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
.toyota.112.2o7.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQD\CLASS-BARREL
C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQD\VOCABULARY

Trojan.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQL.EXE

Trojan.Downloader-Gen
C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQP.EXE

Adware.180solutions/Seekmo/Zango
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000196.EXE

Trojan.WinSoftware/WinFixer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000762.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000764.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWFX5_0001_MNINETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWFX5_0001_N56M0311NETINSTALLER.EXE

Adware.180solutions/Search Assistant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0001139.DLL

Trojan.ErrorSafe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UERS_9999_N91S2507NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UERS_9999_N91S2507NETINSTALLER.EXE

--------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:58, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\lphcv6pj0erd1.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\shcp6pj0erd1\shcp6pj0erd1.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [lphcv6pj0erd1] C:\WINDOWS\system32\lphcv6pj0erd1.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SMshcp6pj0erd1] C:\Program Files\shcp6pj0erd1\shcp6pj0erd1.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SMrhcr6pj0erd1] C:\Program Files\rhcr6pj0erd1\rhcr6pj0erd1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zinaps2008] "C:\Documents and Settings\Username\Application Data\Zinaps2008\Zinaps.exe" /MIN
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Palm Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://primis.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcast.net/anon.comcaston...vmLauncher2.cab
O16 - DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} (Camtronics Medical Systems Web Viewer) - file://C:\Documents and Settings\Username\Desktop\MRI\vwr_data\WebVwr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13856 bytes

This message has been edited since posting. Last time this message was edited on 22. June 2008 @ 16:07

AfterDawn Addict
23. June 2008 @ 03:19
Hi bishaym,

Go here and follow the instructions => malware-protector-2008-removal-instructions

2OG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Senior Member
23. June 2008 @ 08:19
Hi bishaym

In your HijackThis log, please fix the following entries:

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [lphcv6pj0erd1] C:\WINDOWS\system32\lphcv6pj0erd1.exe
O4 - HKLM\..\Run: [SMshcp6pj0erd1] C:\Program Files\shcp6pj0erd1\shcp6pj0erd1.exe
O4 - HKLM\..\Run: [SMrhcr6pj0erd1] C:\Program Files\rhcr6pj0erd1\rhcr6pj0erd1.exe

You will also have to do the instructions which 2oldgeek suggested in safe mode. Please note that the name of files and folders like "shcp6pj0erd1" are not fixed, and will vary to other names like rhcr6pj0erd1. You have to be flexible.

In other cases, I have noted that the Desktop and Screensaver tab in Display Properties disappear. To reenable this, download this fix and apply it in normal mode. http://www.kellys-korner-xp.com/regs_edits/desktoptab.reg

Here are other websites which also contain instructions on the removal of Malware Protector 2008. Altogether, they should provide enough information on the complete removal of Malware Protector.

http://www.2-spyware.com/remove-malware-protector-2008.html
http://www.spyware-techie.com/malware-pr...-removal-guide/
http://www.precisesecurity.com/threats/malwareprotector2008/

Best Regards :D
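The triage described in the post above, as an added example (not part of the original thread and not HijackThis code): it parses registry `O4` Run lines and flags autoruns whose executable names share a random-looking tail, which catches the family even when the names vary. The sample lines are copied from the log posted in this thread; the function names, the `WATCHLIST` entry and the `MIN_SHARED` threshold are assumptions made for illustration.

```python
import re
from itertools import combinations
from pathlib import PureWindowsPath

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [lphcv6pj0erd1] C:\WINDOWS\system32\lphcv6pj0erd1.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SMshcp6pj0erd1] C:\Program Files\shcp6pj0erd1\shcp6pj0erd1.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SMrhcr6pj0erd1] C:\Program Files\rhcr6pj0erd1\rhcr6pj0erd1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - <hive>\..\Run[Once]: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable path: either quoted, or unquoted up to the first .exe/.dll/.scr.
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr))(?=\s|$)', re.IGNORECASE)

# Assumption: a path fragment taken from the entry the helper flagged by name.
WATCHLIST = ("\\180solutions\\",)
# Assumption: minimum length of a shared name tail before it is worth a look.
MIN_SHARED = 6


def parse_run_entries(log):
    """Return one dict per registry Run/RunOnce line; other O4 forms are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"]
        e = EXE.match(cmd)
        path = (e.group(1) or e.group(2)) if e else cmd.split()[0]
        entries.append({"hive": m["hive"], "name": m["name"], "path": path,
                        "stem": PureWindowsPath(path).stem.lower()})
    return entries


def common_suffix(a, b):
    """Longest string that both a and b end with."""
    n = 0
    while n < min(len(a), len(b)) and a[-1 - n] == b[-1 - n]:
        n += 1
    return a[len(a) - n:]


def triage(log):
    """Map Run value name -> list of reasons the entry deserves manual review."""
    entries = parse_run_entries(log)
    reasons = {}
    for e in entries:
        if any(w in e["path"].lower() for w in WATCHLIST):
            reasons.setdefault(e["name"], []).append("path on watchlist")
    # Different executables ending in the same digit-bearing tail suggest one
    # installer generating names from a per-machine string.
    for a, b in combinations(entries, 2):
        if a["stem"] == b["stem"]:
            continue
        tail = common_suffix(a["stem"], b["stem"])
        if len(tail) >= MIN_SHARED and any(c.isdigit() for c in tail):
            msg = f"shares random-looking tail '{tail}' with another autorun"
            for e in (a, b):
                found = reasons.setdefault(e["name"], [])
                if msg not in found:
                    found.append(msg)
    return reasons


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```

The tail heuristic needs at least two related entries in the same log, so a single randomized autorun will not be flagged by it; the output is a review list, not a verdict.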
AfterDawn Addict
23. June 2008 @ 08:45
Check out your suggested links, cdavfrew.

All 3 of these sites are linked to malware and banned by my Host file..

http://www.2-spyware.com/remove-malware-protector-2008.html
http://www.spyware-techie.com/malware-pr...-removal-guide/
http://www.precisesecurity.com/threats/malwareprotector2008/


Don't take your puppy to a flea circus... lol



Senior Member
23. June 2008 @ 09:15
Hey 2oldgeek.

You might want to check those websites out: many antivirus vendors I know link to them, and they are definitely not bad websites. I search through all the malware databases involving malicious websites and find nothing concerning those websites.... In fact, MRU actually has links to those websites!

Best Regards :D

This message has been edited since posting. Last time this message was edited on 23. June 2008 @ 09:17

AfterDawn Addict
23. June 2008 @ 11:42
Hey cdavfrew, I didn't say they were Bad sites. I said they had Links to bad sites and were Banned in MY Host file... As I have told you, I have over 300.000 sites in my Host file... That may be paranoia, but it keeps me clean. Clean, but difficult to research anything without turning the Host file off and using Returnil... LOL



bishaym
Newbie
23. June 2008 @ 22:29
2oldgeek/cdavfrew:

Thank you both for your input, the link to get back my background/wallpaper options was especially useful. I think I was successful in removing all the files.

Do either of you have any recommendations of what to use to stop this from happening again, or at least try to stop it?

Once again, thanks to you both.
AfterDawn Addict
24. June 2008 @ 03:19
You're very welcome, bishaym.

Hope it all works out for you, if not just give a holler...

Have a "Happy"

2OG



Senior Member
24. June 2008 @ 03:31
Yes, you're welcome bishaym. I do wonder what happened to izzo62 :P

As for preventing such a case again, here are a few tips as to how:

1. Malware can take advantage of exploits in outdated versions of Java. Updating your Java is a great way of defense.

2. Good antimalware are always needed. Antivir and Superantispyware are my recommendation, whether you want them paid or free, as they surpass most in detection and speed. Make sure to scan every file you download before opening them.

3. A secure browsing experience is the best browsing experience. Make sure your browser is always fully updated, and if you want, editing your hosts file to block the bad sites is always good as well. MVPS is a free way to do that.

These are just the basics on how to block most malware. There are other ways as well, such as firewalls, HIPS, etc etc. Read about them if you want, and apply it accordingly. Also remember to be cautious before trusting any product, as people can be tricked into downloading rogue antimalwares like Malware Protector.

Best Regards :D
AfterDawn Addict
24. June 2008 @ 03:42
cdavfrew,

Quote:
These are just the basics on how to block most malware. There are other ways as well, such as firewalls, HIPS, etc etc. Read about them if you want, and apply it accordingly. Also remember to be cautious before trusting any product, as people can be tricked into downloading rogue antimalwares like Malware Protector.
Take the time to read my signature... LOL



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Senior Member
24. June 2008 @ 05:26
Haha, well, even though experience does give knowledge that reading does not, reading gives comfort that experience does not. :)

Best Regards :D
AfterDawn Addict
24. June 2008 @ 05:32
Good judgment comes from experience and experience comes from a Lot of Bad judgment...



ohnoez
Newbie
28. June 2008 @ 23:06
Hello, this same thing happened to me today. I've followed the instructions provided so far, so I'm pasting my logs in hopes that someone could help me get rid of this as well! The spyware scan itself took almost 6 hours, so as you can imagine this has me really frustrated. Thanks so much for any help.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/28/2008 at 09:41 PM

Application Version : 4.15.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 05:50:32

Memory items scanned : 170
Memory threats detected : 0
Registry items scanned : 4832
Registry threats detected : 90
File items scanned : 148380
File threats detected : 25

Adware.Avenue Media/Internet Optimizer
HKLM\Software\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\InprocServer32
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\InprocServer32#ThreadingModel
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\ProgID
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\Programmable
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\TypeLib
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\VersionIndependentProgID
C:\WINDOWS\NEM220.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout#Comment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout#DComment
HKU\S-1-5-21-1729645872-1724147199-1570633615-1007\SOFTWARE\Policies\Avenue Media
HKLM\SOFTWARE\Policies\Avenue Media

www.mx-targeting
HKLM\Software\Classes\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}
HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}
HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}
HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}\InprocServer32
HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}\InprocServer32#ThreadingModel
HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}\ProgID
HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}\Programmable
HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}\TypeLib
HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}\VersionIndependentProgID
C:\WINDOWS\MXTARGET.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000607D-D204-42C7-8E46-216055BF9918}

Adware.IE Plugin Variant
HKLM\Software\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\InprocServer32
HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\InprocServer32#ThreadingModel
HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\ProgID
HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\Programmable
HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\TypeLib
HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\VersionIndependentProgID
C:\WINDOWS\SYSTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}

Browser Hijacker.Srng/ShopNav
HKLM\Software\Classes\CLSID\{14b3d246-6274-40b5-8d50-6c2ade2ab29b}
HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}
HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}
HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}\InprocServer32
HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}\InprocServer32#ThreadingModel
HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}\ProgID
HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}\Programmable
HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}\VersionIndependentProgID
C:\PROGRAM FILES\SRNG\SNHELPER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14b3d246-6274-40b5-8d50-6c2ade2ab29b}

Spyware.WebSearch (WinTools/HuntBar)
HKLM\Software\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}\InprocServer32
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}\InprocServer32#ThreadingModel
C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLST.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
C:\Program Files\Common Files\WinTools\iwuivj.wzg
C:\Program Files\Common Files\WinTools\WToolsT.dll
C:\Program Files\Common Files\WinTools

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-1729645872-1724147199-1570633615-1007\Software\IST
C:\UNZIPPED\LIMEWIRE PRO\SETUP.EXE

Adware.WebNexus
HKU\S-1-5-21-1729645872-1724147199-1570633615-1007\Software\intexp

Adware.TargetSavers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#UninstallString

Adware.IEPlugin
HKCR\Remove

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-1729645872-1724147199-1570633615-1007\Software\Microsoft\Internet Explorer\Main#Search Bar [ http://www.2020search.com/search/9884/search.html ]

Adware.MyWay
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0\win32
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\FLAGS
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\HELPDIR
HKLM\Software\MyWay
HKLM\Software\MyWay\myBar
HKLM\Software\MyWay\myBar#Dir
HKLM\Software\MyWay\myBar#ShzmCurInstall
HKLM\Software\MyWay\myBar#pid
HKLM\Software\MyWay\myBar#strings
HKLM\Software\MyWay\myBar#CurInstall
HKLM\Software\MyWay\myBar#sr
HKLM\Software\MyWay\myBar#Id
HKLM\Software\MyWay\myBar#Build
HKLM\Software\MyWay\myBar#CacheDir
HKLM\Software\MyWay\myBar#HistoryDir
HKLM\Software\MyWay\myBar#Visible
HKLM\Software\MyWay\myBar#SettingsDir
HKLM\Software\MyWay\myBar#ConfigRevision
HKLM\Software\MyWay\myBar#ConfigRevisionURL
HKLM\Software\MyWay\myBar#ConfigDateStamp
HKLM\Software\MyWay\myBar#Maximized
HKLM\Software\MyWay\myBar\partner
HKLM\Software\MyWay\myBar\partner#bitmap
HKLM\Software\MyWay\myBar\partner#name
HKLM\Software\MyWay\myBar\partner#test
HKLM\Software\MyWay\myBar\partner#PM-Home
HKLM\Software\MyWay\myBar\partner#PM-Points
HKLM\Software\MyWay\myBar\partner#PM-Redeem
HKLM\Software\MyWay\myBar\partner#PM-Wallet
HKLM\Software\MyWay\myBar\partner#PM-Settings

Adware.BargainBuddy/NaviSearch
C:\Program Files\BullsEye Network

Spyware.ShopNav
C:\Program Files\Srng\SRNG.LOCK
C:\Program Files\Srng

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\IFOQ\IFOQD\CLASS-BARREL
C:\PROGRAM FILES\COMMON FILES\IFOQ\IFOQD\VOCABULARY

Spyware.ShopNav-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1303\A0228677.EXE

Adware.BetterInternet
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1303\A0228678.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1303\A0228681.EXE

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1303\A0228687.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1304\A0228694.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1304\A0228703.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1304\A0228719.SCR
C:\WINDOWS\SYSTEM32\BLPHCNTJJ0ECCL.SCR

Adware.eXactAdvertising-Installer
C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNUNINSTALL.EXE
C:\WINDOWS\SYSTB.EXE

TargetSaver, Inc. Process
C:\WINDOWS\SYSTEM32\TSUNINST.EXE






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:43 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Netopia\C3kWepN.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_DIR~1.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcntjj0eccl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9884&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9884&s=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [C2kWep] C:\Program Files\Netopia\C3kWepN.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphcntjj0eccl] C:\WINDOWS\system32\lphcntjj0eccl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.2.14/applet/...ction-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.3.19/applet/...inner-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.4.7/applet/f...lass2-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.com/v/9.0.1.7/applet/fancy/fancy-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.com/v/9.0.1.17/applet/...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/9.0.3.15/applet/safari/safari-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/w...wheel-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.com/v/9.0.1.7/applet/poppit2/poppit2-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.com/v/9.0.1.7/applet/s...ooth2-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game3.pogo.com/v/9.0.2.13/applet/tumbee2/tumbee2-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/w...class-en_US.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c5.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/2003...meInstaller.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islan...uncherSetup.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/...ader_v10_en.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 12030 bytes
Senior Member
29. June 2008 @ 10:02
Hi ohnoez

Just because you have the same symptoms, it doesn't mean that you have the same problem, which is why you shouldn't follow steps listed in any thread if it isn't directed to you.

I see a trace of Malware Protector 2008 on your system. That was the problem of other victims.

First of all, do the scan again in safe mode, and quarantine all results. Post the scan log here again, unless you have done so already.

Fix the following entries in HijackThis (in normal mode)

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [lphcntjj0eccl] C:\WINDOWS\system32\lphcntjj0eccl.exe

Next, follow Ltangel's instructions on downloading and running Combofix in this thread: http://forums.afterdawn.com/thread_view.cfm/639221 Post the log here. Do so in normal mode.

Best Regards :D



Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.
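
A triage sketch for HijackThis lines like the three listed in the post above, added here as an example and not part of the original post or of HijackThis itself. The sample lines are copied from the log posted earlier in this thread; the three rules, their labels and the thresholds are assumptions chosen for illustration, not the poster's stated reasoning, and a hit is a prompt for manual review, not a verdict.

```python
import ntpath  # Windows path rules, whatever OS this runs on
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [lphcntjj0eccl] C:\WINDOWS\system32\lphcntjj0eccl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autorun entry: hive\..\Run*: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK[^:]*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)


class Finding(NamedTuple):
    section: str
    reason: str  # label invented for this example
    line: str


def exe_path(cmd: str) -> str:
    """Pull the executable path out of a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def looks_random(stem: str) -> bool:
    """Assumed heuristic: long file name with very few vowels."""
    if len(stem) < 10:
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels / len(stem) < 0.2


def triage(log_text: str) -> List[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m["section"], m["body"]

        # Rule 1: the registry still references an object with no file on disk.
        if body.endswith(("(no file)", "(file missing)")):
            findings.append(Finding(section, "no-file", line))
            continue

        if section != "O4":
            continue
        run = RUN_RE.match(body)
        if not run:
            continue
        path = exe_path(run["cmd"])

        # Rule 2: autorun path is rooted ("\...") but names no drive letter.
        if path.startswith("\\") and not path.startswith("\\\\"):
            findings.append(Finding(section, "no-drive-letter", line))

        # Rule 3: random-looking executable sitting directly in system32.
        folder, filename = ntpath.split(path)
        stem = ntpath.splitext(filename)[0]
        if ntpath.basename(folder).lower() == "system32" and looks_random(stem):
            findings.append(Finding(section, "random-name-in-system32", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:26} {f.line}")
```

Run against the sample, the rules surface the same three lines the post asks to be fixed and leave the Intel, Real, WD and ctfmon entries alone.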

ohnoez
Newbie
29. June 2008 @ 19:14
cdavfrew, thank you for your quick response. I've spent the day scanning and here are the new logs from each program.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/29/2008 at 05:05 PM

Application Version : 4.15.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 05:53:02
username\
Memory items scanned : 171
Memory threats detected : 0
Registry items scanned : 4820
Registry threats detected : 0
File items scanned : 148732
File threats detected : 9

Adware.Tracking Cookie

Adware.IST/ISTBar (Slotch Bar)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1305\A0228730.EXE

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1305\A0228731.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1305\A0228748.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1305\A0228763.SCR

Adware.eXactAdvertising-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1305\A0228732.EXE

TargetSaver, Inc. Process
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1305\A0228733.EXE

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\PHCNTJJ0ECCL.BMP





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:18 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_DIR~1.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [C2kWep] C:\Program Files\Netopia\C3kWepN.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.2.14/applet/...ction-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.3.19/applet/...inner-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.4.7/applet/f...lass2-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.com/v/9.0.1.7/applet/fancy/fancy-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.com/v/9.0.1.17/applet/...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/9.0.3.15/applet/safari/safari-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/w...wheel-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.com/v/9.0.1.7/applet/poppit2/poppit2-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.com/v/9.0.1.7/applet/s...ooth2-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game3.pogo.com/v/9.0.2.13/applet/tumbee2/tumbee2-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/w...class-en_US.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c5.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/2003...meInstaller.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islan...uncherSetup.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/...ader_v10_en.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 10993 bytes





ComboFix 08-06-20.4 - Username 2008-06-29 17:29:40.1 - NTFSx86
Running from: C:\Documents and Settings\Username\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\BulletProofSoft.com
C:\Program Files\comet systems
C:\Program Files\comet systems\DM\activeJobs.xml
C:\Program Files\comet systems\DM\bin\dmfilemap.xml
C:\Program Files\comet systems\DM\bin\publicKey.pbk
C:\Program Files\comet systems\DM\completedJobs.xml
C:\Program Files\comet systems\DM\jobIndex.xml
C:\Program Files\comet systems\DM\pendingJobs.xml
C:\Program Files\comet systems\DM\productInfo.xml
C:\Program Files\comet systems\DM\request.xml
C:\Program Files\comet systems\DM\response.xml
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\stlbdist.XML

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-28 21:55 . 2008-06-28 21:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-28 15:15 . 2008-06-28 15:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 15:15 . 2008-06-28 15:15 <DIR> d-------- C:\Documents and Settings\Username\Application Data\SUPERAntiSpyware.com
2008-06-28 15:15 . 2008-06-28 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-28 15:14 . 2008-06-28 15:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 10:28 . 2008-06-28 10:28 109,056 --a------ C:\WINDOWS\SYSTEM32\lphcntjj0eccl.exe
2008-06-21 19:34 . 2008-06-21 19:34 <DIR> d-------- C:\Program Files\iPod
2008-06-21 12:46 . 2008-06-28 15:33 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-21 09:54 . 2008-06-29 09:34 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-06-21 09:54 . 2008-06-21 09:54 <DIR> d-------- C:\Program Files\AVG
2008-06-21 09:54 . 2008-06-29 10:16 <DIR> d-------- C:\Documents and Settings\Username\Application Data\AVGTOOLBAR
2008-06-21 09:54 . 2008-06-21 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-21 09:54 . 2008-06-21 09:54 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-06-21 09:54 . 2008-06-21 09:54 75,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-06-21 09:54 . 2008-06-21 09:54 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-06-10 17:51 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 15:26 --------- d-----w C:\Program Files\WMR11
2008-06-28 17:33 --------- d-----w C:\Program Files\Common Files\ifoq
2008-06-28 15:42 --------- d-----w C:\Documents and Settings\Username\Application Data\AdobeUM
2008-06-22 00:40 --------- d-----w C:\Program Files\Apple Software Update
2008-06-22 00:35 --------- d-----w C:\Program Files\iTunes
2008-06-22 00:31 --------- d-----w C:\Program Files\QuickTime
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-26 04:28 0 --sha-w C:\Documents and Settings\Username\Application Data\00483a3bac3701e7aec91c4e5694af22f974f558f2.dat
2008-05-22 03:01 1,713,066 ----a-w C:\WINDOWS\Java\Packages\89F5R97P.ZIP
2008-05-17 19:47 2,934,622 ----a-w C:\WINDOWS\Java\Packages\B5BNX3VB.ZIP
2008-05-17 04:24 1,851,425 ----a-w C:\WINDOWS\Java\Packages\2OQ1ZDZN.ZIP
2008-05-09 02:17 2,671,195 ----a-w C:\WINDOWS\Java\Packages\31VFHFD7.ZIP
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-08 03:50 3,502,787 ----a-w C:\WINDOWS\Java\Packages\8K2TBXNV.ZIP
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-05-04 03:32 --------- d-----w C:\Documents and Settings\Username\Application Data\Yahoo!
2008-05-04 00:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-04 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-04 00:02 --------- d-----w C:\Program Files\Yahoo!
2008-04-29 23:50 3,601,343 ----a-w C:\WINDOWS\Java\Packages\WAAQNXZR.ZIP
2008-04-28 03:16 2,171,564 ----a-w C:\WINDOWS\Java\Packages\7TVPJ3N1.ZIP
2008-04-27 23:14 2,489,158 ----a-w C:\WINDOWS\Java\Packages\DN53F7B3.ZIP
2008-04-27 01:29 2,181,091 ----a-w C:\WINDOWS\Java\Packages\68Q1JFX3.ZIP
2008-04-27 00:09 2,438,754 ----a-w C:\WINDOWS\Java\Packages\EXJHB7TZ.ZIP
2008-04-26 22:00 3,125,722 ----a-w C:\WINDOWS\Java\Packages\V7P7PNZN.ZIP
2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2004-04-20 17:03 812 ----a-w C:\Program Files\INSTALL.LOG
2005-05-13 22:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-07-14 17:31 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 20:32 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-22 03:37 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\SYSTEM32\flvDX.dll
2004-01-25 05:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\SYSTEM32\msfDX.dll
2005-02-28 18:16 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-25 05:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2007-04-06 04:34 190024]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Aim6"="" []
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 16:46 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-22 00:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-22 00:44 126976]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-09-29 11:58 151597]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"PhilipsRemote"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe" [2002-10-24 14:03 69632]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm,ExportedCheckODLs" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48 36975]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2007-04-06 04:34 190024]
"C2kWep"="C:\Program Files\Netopia\C3kWepN.exe" [2004-03-24 13:46 233472]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 01:05 127035]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"WD Button Manager"="WDBtnMgr.exe" [2008-01-02 19:58 364544 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-21 09:54 1177368]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 12:37 7094272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 53760 C:\WINDOWS\SYSTEM32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-09-29 11:54:40 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2008-01-02 20:00:29 98304]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shareaza
"6346:UDP"= 6346:UDP:Shareaza

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-21 09:54]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-21 09:54]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-21 09:54]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-21 09:54]
R2 UacFlt;Philips Composite Class Filter Driver;C:\WINDOWS\system32\DRIVERS\uacbflt.sys [2002-06-14 00:40]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 14:05]
S2 .NET Connection Service;.NET Framework Service;C:\WINDOWS\svchost.exe []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-14 14:40]
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 14:05]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;C:\WINDOWS\system32\DRIVERS\SWLD23U.sys [2003-12-17 17:58]
S3 swlubtl;WLAN USB Boot Device;C:\WINDOWS\system32\Drivers\swlubtl.sys [2003-05-02 13:26]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 01:04]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 16:00:03 C:\WINDOWS\Tasks\86B0D5F9938B6F55.job"
- c:\progra~1\itchan~1\wma loud mapi.exe
"2008-06-29 16:00:04 C:\WINDOWS\Tasks\AF0A6E04918A1FCC.job"
- c:\progra~1\itchan~1\wma loud mapi.exe
"2008-06-22 00:23:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-28 17:00:13 C:\WINDOWS\Tasks\{EFB4CDBB-8613-4548-AE0B-11A5F54DD746}_BRITTANY_Username.job"
- C:\WINDOWS\system32\MOBSYNC.EXEN /Schedule=
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 17:36:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-29 17:56:40
ComboFix-quarantined-files.txt 2008-06-29 22:56:09

Pre-Run: 16,084,574,208 bytes free
Post-Run: 16,074,731,520 bytes free

212 --- E O F --- 2008-06-20 03:15:49
Senior Member
30. June 2008 @ 07:31
Hi ohnoez

Did you quarantine all your Superantispyware results?

It seems that you have the very latest version of Malware Protector 2008. I have seen nothing like this. Please boot in safe mode, and cut, not copy, the following files into a separate folder on your desktop.

C:\WINDOWS\system32\lphcntjj0eccl.exe
C:\Program Files\Srng\Srng.exe
C:\WINDOWS\SYSTEM32\PHCNTJJ0ECCL.BMP

Make this folder into a zip file, and upload it to these three websites after you have rebooted into normal mode:

http://www.virustotal.com/ (Post the results here)
http://analysis.avira.com/samples/ (Wait for the Avira support team to contact you by email)
http://www.uploadmalware.com/ (Upload the files individually, not as a zip file)

After this, tell me how your problem is right now.

Best Regards :D



Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

ohnoez
Newbie
30. June 2008 @ 10:53
Hello again :) I made sure everything had a check-mark and quarantined all results. Last night the computer seemed to be back to normal, however one can never be too sure! I'll follow your instructions when I am back on my computer later and edit with an update. Thank you so much for your assistance thus far.



OK, I booted into safe mode, but was only able to locate C:\WINDOWS\system32\lphcntjj0eccl.exe, so I made that into a zip file and posted. Here's what the results are.



Virus Total:
Result: 12/33 (36.37%)

Antivirus Version Last Update Result
AhnLab-V3 2008.7.1.0 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.Gen
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Agent-ZXU
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 -
CAT-QuickHeal 9.50 2008.06.30 (Suspicious) - DNAScan
ClamAV 0.93.1 2008.07.01 -
DrWeb 4.44.0.09170 2008.06.30 Trojan.Packed.557
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 -
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.07.01 Dorf.C
GData 2.0.7306.1023 2008.06.30 Win32:Agent-ZXU
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo
Kaspersky 7.0.0.125 2008.07.01 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Tibs.GK
NOD32v2 3229 2008.06.30 -
Norman 5.80.02 2008.06.30 -
Panda 9.0.0.4 2008.07.01 -
Prevx1 V2 2008.07.01 Malicious Software
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.07.01 Mal/Dorf-C
Sunbelt 3.1.1509.1 2008.06.30 -
Symantec 10 2008.07.01 -
TheHacker 6.2.96.365 2008.07.01 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Win32.Malware.gen!92


I still haven't gotten a detailed e-mail from Avira, but this is what it said after uploading:

Filename Result
lphcntjj0eccl.exe MALWARE

The file 'lphcntjj0eccl.exe' has been determined to be 'MALWARE'. This malware is detected by a special detection routine from the engine module.

And I uploaded it to the third site, but haven't received any e-mails.

My computer seems to be acting alright at the moment. When I first boot up it looks like something wants to pop up - it shows the outline of a box but it's just a flicker and it never actually pops up. There's also a "pop" sound but I don't know where it's coming from.

This message has been edited since posting. Last time this message was edited on 30. June 2008 @ 21:05

Senior Member
1. July 2008 @ 07:06
Hi ohnoez

Two final things to do.

Download and run Vundofix and Virtumundobegone. Post their logs here.

Then post another HijackThis log.

Best Regards :D




ohnoez
Newbie
1. July 2008 @ 19:10
I'd like to say thank you for your suggestions and input on this, cdavfrew, I appreciate it.

I ran VundoFix and it said "No infected files were found."

And the other program found nothing as well.

[07/01/2008, 17:54:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Brittany Freeman\Desktop\VirtumundoBeGone.exe" )
[07/01/2008, 17:55:00] - Detected System Information:
[07/01/2008, 17:55:00] - Windows Version: 5.1.2600, Service Pack 2
[07/01/2008, 17:55:00] - Current Username: Brittany Freeman (Admin)
[07/01/2008, 17:55:00] - Windows is in SAFE mode.
[07/01/2008, 17:55:00] - Searching for Browser Helper Objects:
[07/01/2008, 17:55:00] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/01/2008, 17:55:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[07/01/2008, 17:55:00] - BHO 3: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[07/01/2008, 17:55:00] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/01/2008, 17:55:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/01/2008, 17:55:00] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/01/2008, 17:55:00] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/01/2008, 17:55:00] - BHO 5: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/01/2008, 17:55:00] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[07/01/2008, 17:55:00] - BHO 7: {A057A204-BACC-4D26-9990-79A187E2698E} (AVG Security Toolbar)
[07/01/2008, 17:55:00] - Finished Searching Browser Helper Objects
[07/01/2008, 17:55:00] - Finishing up...
[07/01/2008, 17:55:00] - Nothing found! Exiting...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:32 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Netopia\C3kWepN.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_DIR~1.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [C2kWep] C:\Program Files\Netopia\C3kWepN.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.2.14/applet/...ction-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.3.19/applet/...inner-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.4.7/applet/f...lass2-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.com/v/9.0.1.7/applet/fancy/fancy-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.com/v/9.0.1.17/applet/...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/9.0.3.15/applet/safari/safari-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/w...wheel-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.com/v/9.0.1.7/applet/poppit2/poppit2-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.com/v/9.0.1.7/applet/s...ooth2-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game3.pogo.com/v/9.0.2.13/applet/tumbee2/tumbee2-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/w...class-en_US.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c5.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/2003...meInstaller.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islan...uncherSetup.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/...ader_v10_en.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 11182 bytes



Do you think my system is clean now? It seems to be running fine, but I'm paranoid now. Thank you again!

EDIT: I just got this notification from AVG, any thoughts?


This message has been edited since posting. Last time this message was edited on 1. July 2008 @ 20:21

deemystql
Newbie
2. July 2008 @ 02:57
Dear AfterDawn and Members,

I am having the same issue which is ... .tt1.tmp.vbs cannot be found.
Symptoms:
1) Blue Display with no previous wallpaper
2) Fonts have become really small
3) Antivirus software (AVG, and Automatic updates of OPS) do not get connected and thus receive no updates, which wasn't the case prior to this problem.

I have a feeling that a trojan called Antivirus XP 2008 is the culprit. It has somehow installed itself into the system and even after I deleted it, it still shows on the system.

I am going to follow the earlier instructions you have given to the other members and will create a log file with Hijackthis and post that log here in my next message.

I would really appreciate it if you could help me with this issue.

Thank you.

Dee
deemystql
Newbie
2. July 2008 @ 04:33
Hello,

I am freaking out here, cuz I am not even able to install Hijackthis; every time I click on it, it never registers. :(
What do I do? Do I have to have trendmicro to run this?

Help :'(

Dee
AfterDawn Addict
2. July 2008 @ 04:42
Dee,

To get some help, please start a new thread and someone can work on your problem without confusing the issue at hand. Thanks.



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Senior Member
2. July 2008 @ 07:01
Hey ohnoez.

You are officially clean. Do not worry about the AVG warning, because it is detecting a file inside your system restore folder, which, although it is a malicious file, is dormant malware and will be flushed when you flush your system restore.

Three things to do before you should be good.

Update Java. Java exploits are usually the way most people get infected by Vundo or other script malware. Please remember to uninstall previous versions of Java after you have updated to the latest version.

Update Windows Service Pack from 2 to 3. Microsoft Update will do this.

Flush your system restore. Disable it, and then re-enable it.

That is all! Congrats.

Best Regards :D

