Please help (HJ log included)
hhml
My computer seems slow and when I tried uninstalling Firefox, it wouldn't let me. I've scanned with Avast and it found some trojans/viruses but those could've been false positives. I tried reinstalling Yahoo Messenger and it froze at the first step. I'm not sure if my computer is infected or not so here is my log file. Do I remove these in safe mode, or is normal mode just as good? Btw, I've reverted back to using AVG Free 7.5. Is that better than Avast? Thanks in advance.


Logfile of HijackThis v1.99.1
Scan saved at 1:44:39 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Sing-Gium International Pte Ltd\Pirate King\system\game.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\nstmp5\uninstall.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\nstmp6\uninstall.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.88.223.98:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Config33.exe] Config33.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
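
Added example, not part of the original thread: a small parser for the HijackThis log format posted above that splits entries by section code and lists the ones a reviewer would usually check first. The three review rules (proxy setting present, registration whose file is missing, autorun given as a bare file name) and all function names are assumptions made for illustration, not HijackThis's own logic; a listed entry is a prompt to verify, not a verdict.

```python
import re
from collections import Counter

# Lines excerpted from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.88.223.98:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Config33.exe] Config33.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autorun body: "HKLM\..\Run: [value name] command line"
AUTORUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


def parse_entries(text):
    """Return (code, body) for every section entry; header and
    running-process lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def autorun_executable(command):
    """Extract the program part of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0]


def review_reasons(code, body):
    """Apply the illustrative review rules to one entry."""
    reasons = []
    if code.startswith("R") and "ProxyServer" in body:
        value = body.partition(" = ")[2] or "(empty)"
        reasons.append(f"IE proxy set to {value}: confirm the user configured it")
    if body.endswith(("(no file)", "(file missing)")):
        reasons.append("registration points at a file that is not on disk")
    if code == "O4":
        m = AUTORUN_RE.match(body)
        if m:
            exe = autorun_executable(m.group(4))
            if "\\" not in exe and "/" not in exe:
                reasons.append(f"autorun '{exe}' has no path: find which file runs")
    return reasons


def triage(text):
    """Return (code, body, reasons) for entries with at least one reason."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


def count_by_section(text):
    """Number of entries per section code, for comparing two logs."""
    return dict(Counter(code for code, _ in parse_entries(text)))


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {body}")
        for reason in reasons:
            print(f"    - {reason}")
```
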
rridgely
Welcome to the forum.


Run BitDefender Online Scanner
  • Using Internet Explorer, please go HERE to run BitDefender's Online scan.
  • Read the terms and then click I Agree
  • You may receive a Security Warning about the BitDefender ActiveX control. If you do, please allow it to install.
  • On the scanning Options screen, press Click Here To Scan and then follow the on-screen prompts.
  • Once BitDefender is finished scanning your computer, it will automatically remove the infections. Once the removal process is finished, press the Close button and a dialog box will appear asking if you want to send your scan log back to the makers of BitDefender. You do not have to do this, but what you do want to do is press the button that says "view log" and then copy and paste that log into Notepad and save it to your desktop as bitdefender.txt.
  • Reboot your computer

Post the bitdefender log and a new hijackthis log.
hhml
TY for the welcome =P

I loaded Explorer and went to the BitDefender scanner online but my page would not load. Is it a proxy problem of some sort? I don't know what is wrong. How do I fix this so my page will load?
rridgely
Try one more time and then we can try something else. I'm not sure why it won't load.
hhml
It still doesn't load. Only yahoo.com works; other sites don't.
rridgely
Sysclean
  • First create a new folder on your desktop by right clicking an empty space and choosing New>Folder. Rename the folder sysclean.
  • Download the following file and place it in your new folder.
    http://www.trendmicro.com/ftp/products/tsc/sysclean.com
  • Now download the most recent virus detection file and extract (unzip) it in the sysclean folder with the first file.
    http://www.trendmicro.com/ftp/products/tsc/cpr/tsc.zip
  • Now open the sysclean folder, double-click the sysclean file and press Scan. Sysclean will now scan and automatically clean your computer of all possible viruses. Once sysclean is done it might ask you to reboot your computer. If it does not ask you to reboot, do it anyway.
  • After the reboot open the sysclean folder and look for SYSCLEAN.LOG. Post that log onto the forum.
There we go.
Come back with the sysclean log and a new hijackthis log.
hhml
I dl'd system scan and when I opened it, I received an error message.

"Pattern file "LPT$VPN.*" is missing, Please download a copy."

I don't know what is wrong.

Here is what it looks like: http://img288.imageshack.us/my.php?image=systemcleanuv7.png
rridgely
Did you download the second file and unzip its contents into the same folder?
hhml
Yeah, I did everything like you posted. And I got that msg when opening system scan.
rridgely
Delete the sysclean folder and try again. Here is the sysclean file:
http://www.trendmicro.com/ftp/products/tsc/cpr/sysclean.com

Definition file:
http://www.trendmicro.com/ftp/products/tsc/cpr/tsc.zip
hhml
I've deleted and re-dl'd several times. Each time I got the same msg. Here is the step by step I did. I open the definition file by unrar because my winzip has expired.

Step 1: http://img290.imageshack.us/my.php?image=step1gu1.png

Step 2: http://img426.imageshack.us/my.php?image=step2unrarfu8.png

Step 3 (opening system scan): http://img262.imageshack.us/my.php?image=l...nmissingya8.png
rridgely
I'm not sure why it won't work for you. Give me about 10-15 minutes from this post and I'll put the package together and make sure it works, then upload it for you.
hhml
Ok, ty =)
rridgely
Ok, done.
I seem to be having an off night. First my links show up in HTML, now I'm forgetting to get you to download all the files you need.
This is what happens when you don't put full attention towards something. Sorry, won't happen again.

The problem was I didn't have you download the actual virus definitions.

Anyway I went ahead and uploaded what you need.

http://rapidshare.com/files/1753289/Sysclean.zip.html
-------

Run the scan and then post the text file afterwards.
hhml
lol, it's understandable. You have a lot of topics to respond to and looking around the forum, I see mostly your name in response to the many other cries for help out there. You're working hard, I see.

For a second there, I thought it was my computer that was giving me problems about running the system scan and such, but it turns out it wasn't. Good to know. For future reference, can you upload using sendspace or filefactory? Rapidshare only allows me to dl 1 file per hour.

I've dl'd the files successfully and it is now scanning. Will post the result once it is done.
hhml
Here is the scan result from sysclean:



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 17:00:39, Auto-clean mode specified.
2006-11-02, 17:00:39, Running scanner "C:\Documents and Settings\Owner\Desktop\system clean\Sysclean\TSC.BIN"...
2006-11-02, 17:00:54, Scanner "C:\Documents and Settings\Owner\Desktop\system clean\Sysclean\TSC.BIN" has finished running.
2006-11-02, 17:00:54, TSC Log:

2006-11-02, 17:01:51, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-11-02, 17:02:04, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 17:02:03
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Owner\Desktop\system clean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Owner\Desktop\system clean\Sysclean

2006-11-02, 17:02:04, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 17:02:03
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Owner\Desktop\system clean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Owner\Desktop\system clean\Sysclean

2006-11-02, 17:02:04, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 17:02:03
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Owner\Desktop\system clean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Owner\Desktop\system clean\Sysclean

2006-11-02, 17:02:04, Scanner "C:\Documents and Settings\Owner\Desktop\system clean\Sysclean\VSCANTM.BIN" has finished running.


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 17:02:14, Auto-clean mode specified.
2006-11-02, 17:02:14, Running scanner "C:\Documents and Settings\Owner\Desktop\system clean\Sysclean\TSC.BIN"...
2006-11-02, 17:02:28, Scanner "C:\Documents and Settings\Owner\Desktop\system clean\Sysclean\TSC.BIN" has finished running.
2006-11-02, 17:02:28, TSC Log:

2006-11-02, 17:02:32, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-11-02, 17:27:03, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 17:02:32
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Owner\Desktop\system clean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Owner\Desktop\system clean\Sysclean

58589 files have been read.
58589 files have been checked.
51908 files have been scanned.
91344 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/2/2006 17:27:02
---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-02, 17:27:03, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 17:02:32
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Owner\Desktop\system clean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Owner\Desktop\system clean\Sysclean

58589 files have been read.
58589 files have been checked.
51908 files have been scanned.
91344 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/2/2006 17:27:02 24 minutes 29 seconds (1469.41 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-02, 17:27:03, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 17:02:32
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Owner\Desktop\system clean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Owner\Desktop\system clean\Sysclean

58589 files have been read.
58589 files have been checked.
51908 files have been scanned.
91344 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/2/2006 17:27:02 24 minutes 29 seconds (1469.41 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-02, 17:27:03, Scanner "C:\Documents and Settings\Owner\Desktop\system clean\Sysclean\VSCANTM.BIN" has finished running.




Here is scan result from Hijack this! after rebooting from sysclean scanning:

Logfile of HijackThis v1.99.1
Scan saved at 5:32:36 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.88.223.98:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

rridgely
Wow, I really thought sysclean would catch those trojans.
Let's run one more scan and see if this will clean them.

Download AVG Anti-Spyware
  1. Load AVG antispyware and then click the Update tab at the top. Under Manual Update click Start update.
  2. After the update finishes (the status bar at the bottom will display "Update successful")
  3. Click on the Scanner tab at the top and then click on Complete System Scan
  4. Ewido will list any infections found on the left. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG antispyware will then display "All actions have been applied" on the right.
  5. Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back.
Note that this is not AVG antivirus but the program formerly known as Ewido.
hhml
Here's the result.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:26:28 PM 11/2/2006

+ Scan result:



C:\Program Files\RSSoft -> Not-A-Virus.P2P.RedSwoosh : Ignored.
C:\Program Files\RSSoft\Cache -> Not-A-Virus.P2P.RedSwoosh : Ignored.
C:\Program Files\RSSoft\ClientCoreLib-1.920-868.dll -> Not-A-Virus.P2P.RedSwoosh : Ignored.
C:\Program Files\RSSoft\ClientCoreLib-1.922-102.dll -> Not-A-Virus.P2P.RedSwoosh : Ignored.
C:\Program Files\RSSoft\RSEDNClientUninstaller.exe -> Not-A-Virus.P2P.RedSwoosh : Ignored.
C:\Program Files\RSSoft\data.txt -> Not-A-Virus.P2P.RedSwoosh : Ignored.
C:\Program Files\RSSoft\install.ini -> Not-A-Virus.P2P.RedSwoosh : Ignored.
C:\Program Files\RSSoft\metadata.txt -> Not-A-Virus.P2P.RedSwoosh : Ignored.
C:\Program Files\RSSoft\precache.txt -> Not-A-Virus.P2P.RedSwoosh : Ignored.
C:\Program Files\RSSoft\registrypath.txt -> Not-A-Virus.P2P.RedSwoosh : Ignored.
C:\Program Files\RSSoft\upgrade.txt -> Not-A-Virus.P2P.RedSwoosh : Ignored.
:mozilla.263:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.264:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.265:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.266:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.267:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.268:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.269:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.270:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.271:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.514:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BaBiBoOfOrYooH\Cookies\babibooforyooh@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.231:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.232:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.335:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.155:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.200:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.201:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.202:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.203:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.204:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.205:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.206:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.207:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.208:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.308:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.18:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\BaBiBoOfOrYooH\Cookies\babibooforyooh@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.25:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\BaBiBoOfOrYooH\Cookies\babibooforyooh@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.473:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.209:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.210:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.211:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.212:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.213:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.214:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.29:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.307:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\BaBiBoOfOrYooH\Cookies\babibooforyooh@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.137:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.139:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.186:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.601:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.602:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.603:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.604:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.606:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.607:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.608:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.609:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.610:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.217:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.218:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.219:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.220:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.372:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.373:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.374:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.62:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.63:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.64:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.66:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.67:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.69:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.70:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.71:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.385:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.496:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.516:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.517:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.138:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.507:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.508:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.329:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.386:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.309:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.310:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.311:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.312:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.453:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.454:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.108:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.111:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.112:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.113:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.398:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.302:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.303:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.304:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.305:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.306:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.226:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.227:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.228:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.229:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.230:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.349:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.350:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.351:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.100:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.101:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.102:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.103:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.96:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.97:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.98:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.99:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.272:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.273:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.274:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.275:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.276:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.320:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.42:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.43:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.44:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.45:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.46:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.47:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.48:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.49:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.41:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.52:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.53:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.54:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.237:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.238:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.239:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.240:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.10:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.16:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.6:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.7:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.8:C:\Documents and Settings\BaBiBoOfOrYooH\Application Data\Mozilla\Firefox\Profiles\dnc9mxhl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

rridgely
Do you know what the RSSoft program is? Why didn't you remove it?
Also post a new hijackthis log.
hhml
Um, I have no idea what it is. But I uninstalled it by removing it to the quarantine box and deleted the RSSoft folder. Here's the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:39:31 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.88.223.98:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

rridgely
Download Killbox from Here

Run Killbox by clicking the killbox.exe file on the desktop

In the Full Path of File to Delete window type (or copy and paste)

C:\WINDOWS\system32\npkcsvc.exe

Select the option Delete on reboot

Click the button: Single File and it should then flash green.

Then press the Delete File button (Red Circle with a White X).
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.

Your computer should reboot now.

After the reboot post a new log.
hhml
Logfile of HijackThis v1.99.1
Scan saved at 8:32:22 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.88.223.98:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: npkcsvc - Unknown owner - C:\WINDOWS\system32\npkcsvc.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

rridgely
Looks better.
Let's run one last scan to make sure things are 100%.
Is the computer acting back to normal?

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.
hhml
My comp seems to be slower ever since I installed Zone Alarm, which was a couple of hours ago. My boot up is much slower and takes longer to load up windows once I get to the log in screen. Do you recommend using ZA or Sygate?

For the Kaspersky online scanner, it says I need to do it using explorer, but the site won't load when I use explorer. None of the sites works (yahoo.com, msn.com, etc.). I don't know how or what to do to configure the explorer setting so it will work.
rridgely
I can show you some great security programs once we're finished. If you want you can get rid of zone alarm.

IE doesn't work on any site? That's obviously not right.
Let's make sure there isn't anything keeping it from working.

Download Superantispyware
  1. Load Superantispyware and click the check for updates button.
  2. Once the update is finished click the scan your computer button.
  3. Check Perform Complete Scan and then next.
  4. Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  5. Make sure that they all have a check next to them and press next.
  6. Click finish and you will be taken back to the main interface.
  7. Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  8. Copy and paste the log onto the forum.

Let's see if that one finds anything.
hhml
Ok, will try that and post result soon as I'm done. When I open my My Document folder and type in yahoo.com, it loads the site yet when I tried that with IE it doesn't work.

Also, same thing with firefox. Certain pages load and some don't. I went to check the Connection Settings and the default is set on "Manual Proxy Configuration" with my IP and port number included. I am not sure if this is the default setting or it might have been altered. In order to get all sites to work, I had to change it to "Auto-Detect proxy settings for this network". Each time I load up firefox I have to go change to that setting in order to surf.
hhml
Result from SuperAntispyWare


SUPERAntiSpyware Scan Log
Generated 11/02/2006 at 10:13 PM

Application Version : 3.3.1020

Core Rules Database Version : 3107
Trace Rules Database Version: 1133

Scan type : Complete Scan
Total Scan Time : 00:47:28

Memory items scanned : 363
Memory threats detected : 0
Registry items scanned : 4861
Registry threats detected : 5
File items scanned : 32788
File threats detected : 6

Adware.Tracking Cookie
C:\Documents and Settings\Owner\cookies\owner@atwola[1].txt
C:\Documents and Settings\BaBiBoOfOrYooH\Cookies\babibooforyooh@atwola[1].txt

Adware.Elite Media
HKLM\Software\elite
HKLM\Software\elite#check
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx#{9AC54695-69A4-46F1-BE10-10C74F9520D5}
C:\WINDOWS\elitemediagroup.ini

Viewpoint Toolbar
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL

Adware.Unknown Origin
C:\WINDOWS\SYSTEM32\IESH12052004.CFG

Trojan.Unknown Origin
C:\WINDOWS\TEMPF.TXT



Result from Kaspersky Online scanner

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 02, 2006 10:46:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/11/2006
Kaspersky Anti-Virus database records: 237704
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 59073
Number of viruses found: 3
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:05:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a00e9c38e7d0259af36e06c870a3611c_39b7cccd-e8a5-42ec-ae72-3c3da0ae5636 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a773f8457f6956d4b398cb35c8fbd81b_39b7cccd-e8a5-42ec-ae72-3c3da0ae5636 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd571c51cdb061c0cd7d436ddf529884_39b7cccd-e8a5-42ec-ae72-3c3da0ae5636 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\xzr8dr3h.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2F56FCF9-5D3C-4795-B1FC-1207D6FF9FA0}\RP488\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\prelimhanse.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{170D8495-7BB2-40E1-8E75-47018CB413E1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Result from HJT log

Logfile of HijackThis v1.99.1
Scan saved at 4:52:59 AM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sing-Gium International Pte Ltd\Pirate King\system\game.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.88.223.98:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

hhml
How is my system now? Everything ok?
rridgely
Do you have a myweb toolbar in firefox? If so, uninstall the extension because it's spyware.

Find and delete these files:

C:\WINDOWS\prelimhanse.exe
C:\WINDOWS\system32\f3PSSavr.scr

Let me know if you have any problems removing the files.
hhml
They are deleted.
rridgely
What about that firefox extension? Did you know which one I meant?

Also look for this file. (It's related to the extension so it should be gone if you uninstalled it.)

C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
--------

How does the pc seem? Back to normal?
hhml
I'm not sure about the myweb tool bar but as for the C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll, it is not in the folder so I guess it must've been removed.

Btw, what is "viewpoint"? I found the folder in my C:\Program Files...not sure what it is or if it's needed. The PC seems fine, except it loads a lot slower and boots up slower after all the anti virus and spyware programs I've dl'd and installed.
rridgely
Please list the firefox extensions that are showing in your browser. :) (sorry just want to make sure)

Does the PC seem back to normal?
hhml
Here is a picture of it http://img414.imageshack.us/my.php?image=untitledxv9.png

Btw, what is "viewpoint"? I found the folder in my C:\Program Files...not sure what it is or if it's needed. The PC seems fine, except it loads a lot slower and boots up slower after all the anti virus and spyware programs I've dl'd and installed.
rridgely
Actually if you could give me a pic of the add ons menu that would be better.
Viewpoint is another junk program. It comes from AOL and most consider it spyware because of the way it installs itself.
hhml
It has flashgot, internet download manager, and Talkback 2.0 in the add ons menu.
rridgely
Ok, well then you should be good as long as you're sure that file wasn't there.
How does the computer seem? Back to normal?
hhml
Seems normal. Just a little slow with so many antivirus and spyware software installed :)
rridgely
Well, you don't have to run them all. I would recommend you leave them installed but turn off the real-time protection (which will expire as they are all trials). You will still be able to manually update them and scan if the need ever comes around again.

Here is a great link to help you keep your computer clean:
http://www.castlecops.com/postlite7736-.html