Gordon24Johnson48

Trojan removal I have tried everything


Hey everyone, you guys have saved me some money here before instead of having to go to the computer shop. I am having another problem now and was wondering if anyone could help. I have done a spyware scan and nothing comes up except tracking cookies. I did a scan with Norton because my AVG won't open. I keep getting an error when I try to open it saying that it needs to close.

 

Anyway my problem is a couple trojans that Norton found.

 

PWSteal.Trojan

Trojan.Cmapp

 

Those are the 2 trojans and it says there are 3 files I need to delete located in the system32 file.

 

Accies98.dll

AcciesX2

Runner.dll

 

When I try to delete those files I get an error message saying they are in use and can't be deleted. I also tried to delete them in safe mode with the same results. Does anyone know a way I can delete them? This is really a crazy trojan. It makes Internet Explorer pretty much useless and it always freezes. Firefox seems to work ok but I get the same popup every few minutes.

 

Below is a hijackthis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:05:09 PM, on 3/22/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\a-squared\a2guard.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE

C:\Documents and Settings\Chris\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140804302562

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.temaki.org/activex/AMC.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - AppInit_DLLs: Runner.dll,bhfkpooc.dll,EQMini.dll

O20 - Winlogon Notify: accies98 - C:\WINDOWS\SYSTEM32\accies98.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

Sorry if I explained it badly. I tried not to make it too confusing but I have been working on this all day doing nothing but spyware and virus scans. It's driving me crazy. :pullhair:

 

Thanks for any advice.

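Added example, not part of the original posts: a small Python triage script that looks up the file names Norton reported in the HijackThis autostart entries from the log above, which shows where each one is registered to load. The function names are hypothetical; the sample lines are copied from the posted log, and the one-line mechanism descriptions are general Windows behaviour rather than anything stated in the thread.

```python
import ntpath
import re

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: Runner.dll,bhfkpooc.dll,EQMini.dll
O20 - Winlogon Notify: accies98 - C:\WINDOWS\SYSTEM32\accies98.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# File names Norton reported, as typed in the post.
FLAGGED = ["Accies98.dll", "AcciesX2", "Runner.dll"]

# "<section code> - <body>", e.g. "O20 - AppInit_DLLs: Runner.dll,..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# General Windows behaviour (assumption of this example, not from the thread).
MECHANISM = {
    "AppInit_DLLs": "mapped into every process that loads user32.dll",
    "Winlogon Notify": "loaded inside winlogon.exe",
    "BHO": "loaded inside Internet Explorer",
}


def clean_path(text):
    """Drop HijackThis annotations such as '(file missing)' or '(no file)'."""
    return re.sub(r"\s*\((?:file missing|no file)\)\s*$", "", text).strip()


def modules_in_entry(code, body):
    """Return (mechanism, [module paths]) for the DLL load points handled here."""
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1]
        return "AppInit_DLLs", [m for m in re.split(r"[,\s]+", value.strip()) if m]
    if code == "O20" and body.startswith("Winlogon Notify:"):
        # Layout: "Winlogon Notify: <key name> - <dll path>"
        path = clean_path(body.rsplit(" - ", 1)[-1])
        return "Winlogon Notify", [path] if path else []
    if code == "O2" and body.startswith("BHO:"):
        # Layout: "BHO: <name> - {CLSID} - <dll path>"
        path = clean_path(body.rsplit(" - ", 1)[-1])
        return "BHO", [path] if path else []
    return None, []


def stem(name):
    """Case-insensitive file name without directory or extension."""
    return ntpath.splitext(ntpath.basename(name))[0].lower()


def find_load_points(log_text, flagged):
    """List every autostart entry whose module matches a flagged file name."""
    wanted = {stem(n): n for n in flagged}
    hits = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        mechanism, modules = modules_in_entry(m["code"], m["body"])
        for module in modules:
            if stem(module) in wanted:
                hits.append({
                    "flagged": wanted[stem(module)],
                    "section": m["code"],
                    "mechanism": mechanism,
                    "module": module,
                })
    return hits


def unreferenced(flagged, hits):
    """Flagged names with no matching entry; absence from the log proves nothing."""
    seen = {h["flagged"] for h in hits}
    return [n for n in flagged if n not in seen]


if __name__ == "__main__":
    found = find_load_points(SAMPLE_LOG, FLAGGED)
    for h in found:
        print(f'{h["flagged"]}: {h["section"]} {h["mechanism"]} '
              f'({MECHANISM[h["mechanism"]]}) -> {h["module"]}')
    for name in unreferenced(FLAGGED, found):
        print(f"{name}: no matching load point in these sections")
```

A DLL registered under either O20 load point stays mapped while the hosting process runs, which is consistent with the "in use" error described in the post.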

Hi Gordon24Johnson28 and welcome to the PC Pitstop Forums.

 

My name is Trevuren and I will be helping you with your log.

 

I notice that you are using more than one antivirus program. This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you either (1) configure only one antivirus program to enable automatic realtime scanning, and leave the rest disabled most of the time, or (2) go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one antivirus program.

 

Restart your system

 

 

1. Download, install, update, configure, and run Ad-Aware SE Personal 1.06.

  • Download Ad-Aware SE Personal 1.06:
  • Install Ad-Aware SE Personal 1.06:
    • Double-click on aawsepersonal.exe to install the program.
    • Follow the default settings for installation.
    • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  • Update Ad-Aware SE Personal 1.06:
    • Double-click the Ad-Aware SE Personal icon on your desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Configure Ad-Aware SE Personal 1.06:
    • Click on the Gear button at the top of the window.
    • Click "General" on the left hand side to display the General Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click "Scanning" on the left hand side to display the Scan Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        • "Scan within archives"
        • "Select drives & folders to scan" - select your hard drive(s).
        • "Scan active processes"
        • "Scan registry"
        • "Deep-scan registry"
        • "Scan my IE favorites for banned URLs"
        • "Scan my Hosts file"
    • Click "Advanced" on the left hand side to display the Advanced Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        • "Move deleted files to Recycle Bin"
        • "Include additional object information"
        • "Include negligible objects information"
        • "Include environment information"
    • Click "Defaults" on the left hand side to display the Default Settings box.
      • Make sure these items have your preferred settings in them:
        • "Default homepage"
        • "Default searchpage"
    • Click "Tweak" on the left hand side to display the Tweak Settings box.
      • Click the + (plus) sign next to the Log Files section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        • "Include basic Ad-Aware settings in log file"
        • "Include additional Ad-Aware settings in log file"
        • "Include reference summary in log file"
        • "Include alternate data stream details in log file"
      • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        • "Unload recognized processes & modules during scan"
        • "Scan registry for all users instead of current user only"
        • "Obtain command line of scanned processes"
      • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        • "Always try to unload modules before deletion"
        • "During removal, unload Explorer and IE if necessary"
        • "Let Windows remove files in use at next reboot"
        • "Delete quarantined objects after restoring"
    • Once you are done with these settings, click "Proceed" to save them.
    • This will take you back to the main screen.
  • Run Ad-Aware SE Personal 1.06:
    • Click the "Start" button.
    • Uncheck the "Search for negligible risk entries" entry.
    • Choose the "Use custom scanning options" scan mode.
    • Click the "Next" button.
    • Ad-Aware will begin to scan for malware residing on your computer.
    • Allow the scan to finish.
    • Right-click on any entry in the list and click "Select All" to select the whole list.
    • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
2. Please follow the instructions provided; you may want to print out these instructions and use them as a reference.
  • Please download ewido security suite; it is a trial version of the program.
    • Install ewido security suite.
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido; there should be an icon on your desktop, double-click it.
    • The program will prompt you to update; click the OK button.
    • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update
    • Click on Start
    • The update will start and a progress bar will show the updates being installed.
  • Once the updates are installed do the following:
    • REBOOT into Safe Mode
    • Run EWIDO
    • Click on scanner
    • Click on Start Scan
    • Let the program scan the machine
    • While the scan is in progress you will be prompted to clean files, click OK
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report
    • Save the report to your desktop
  • Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply
Regards,

 

Trevuren


Thanks Trevuren for the reply. Great instructions that even I could follow. :)

 

Here is the updated hijackthis log. I also removed both AVG and Norton. I am now using Nod32 and it seems a lot better than the others.

 

Logfile of HijackThis v1.99.1

Scan saved at 5:00:12 AM, on 3/23/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Chris\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140804302562

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.temaki.org/activex/AMC.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - AppInit_DLLs: Runner.dll,bhfkpooc.dll,EQMini.dll

O20 - Winlogon Notify: accies98 - accies98.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

 

 

 

And here is the log from Ewido:

 

---------------------------------------------------------

ewido anti-malware - Scan report

---------------------------------------------------------

 

+ Created on: 4:56:58 AM, 3/23/2006

+ Report-Checksum: 39E3D679

 

+ Scan result:

 

HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup

HKU\S-1-5-21-3658712748-555725883-4060058650-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup

HKU\S-1-5-21-3658712748-555725883-4060058650-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup

:mozilla.8:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup

:mozilla.9:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup

:mozilla.11:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup

:mozilla.12:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup

:mozilla.13:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup

:mozilla.14:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup

:mozilla.15:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup

:mozilla.25:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup

:mozilla.26:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup

:mozilla.27:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup

:mozilla.28:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup

:mozilla.29:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup

:mozilla.30:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup

:mozilla.35:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

:mozilla.36:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup

:mozilla.42:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup

:mozilla.43:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup

:mozilla.51:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.52:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.53:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.58:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.71:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup

:mozilla.72:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup

:mozilla.89:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup

:mozilla.92:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup

:mozilla.93:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup

:mozilla.94:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup

:mozilla.108:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o6biovgz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Chris\Cookies\ch[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup

:mozilla.7:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.8:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.9:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.10:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.11:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.12:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.13:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.14:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.15:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.16:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.17:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.18:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.19:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.20:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.28:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.29:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.30:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.31:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.32:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.40:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup

:mozilla.41:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup

:mozilla.42:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup

:mozilla.47:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup

:mozilla.48:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup

:mozilla.49:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup

:mozilla.50:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup

:mozilla.69:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup

:mozilla.70:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup


C:\WINDOWS\CheckS02.exe -> Trojan.VB.tg : Cleaned with backup

C:\WINDOWS\system\ctldlg32.dll -> Logger.Agent.io : Cleaned with backup

C:\WINDOWS\system32\8A8F8B8E8D9590.exe -> Trojan.VB.aft : Cleaned with backup

 

 

::Report End

 

I must still have something because I am still getting the same popup every few minutes from overstock.com showing a Charlie and the Chocolate Factory DVD. Internet Explorer also still freezes after a few webpages and Windows Media Player won't play anything.


There is a file in your log of which I am unsure. For that reason, I need you to submit it to Jotti's for analysis.

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\WINDOWS\SYSTEM32\mmx4xt.dll

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

5. Now, please do the same with the following files:

C:\WINDOWS\SYSTEM32\EQMini.dll

C:\WINDOWS\SYSTEM32\bhfkpooc.dll

C:\WINDOWS\SYSTEM32\Runner.dll

Regards,

Trevuren


I can't find the mmx4xt.dll file. I swear it's not there anymore. The search on the computer can't even find it. I will continue to look for it but I wanted to post the others.

EQMini.dll = OK found nothing

bhfkpooc.dll = Hmm this one can't be found either?

Runner.dll = OK found nothing

Those other 2 have seemed to disappear. Maybe they have already been deleted or something, I'm not sure. The other 2 I got the OK results for also come back clean to Nod32.


Logfile of HijackThis v1.99.1

Scan saved at 7:55:23 PM, on 3/23/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Chris\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140804302562

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.temaki.org/activex/AMC.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - AppInit_DLLs: Runner.dll,bhfkpooc.dll,EQMini.dll

O20 - Winlogon Notify: accies98 - accies98.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

 

One other question I have is when I try to use the Vaio system recovery wizard it says this wizard is only available on Vaio computers, your computer is not recognized as a Vaio computer. It is indeed a Vaio though and I have used the wizard before. Is there any way to fix that? If I could just get that to work again I could recover the system and everything would be good again.


I am sorry but I am not an expert on Vaio systems. For this problem, you should consult either the manufacturer's website or one of our other forums after all the malware has been removed from your system. Some of these problems could still be malware related.

Please do a search for the following files using the Windows Search function and try to provide me with the exact path of the files in question:

EQMini.dll

bhfkpooc.dll

Trevuren


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis. Click the SCAN button to produce a log.
  • Place a check mark beside each one of the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)
    O20 - AppInit_DLLs: Runner.dll,bhfkpooc.dll,EQMini.dll
    O20 - Winlogon Notify: accies98 - accies98.dll (file missing)
    O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll

  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode
    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

    C:\Windows\system32\Runner.dll
    C:\WINDOWS\SYSTEM32\mmx4xt.dll
    C:\Windows\SYSTEM32\EQMini.dll
    C:\Windows\system32\bhfkpooc.dll

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE
  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Regards,

Trevuren


Here is a new Hijackthis log. When I checked everything and clicked fix it came up with an error message. I can't remember what it said and it was supposed to save the message somewhere but I can't find it. I will try again later, I am just heading out to work now. It finally did let me delete the Runner.dll and the EQMini.dll files. The other 2 are nowhere to be found.

Logfile of HijackThis v1.99.1

Scan saved at 12:08:48 AM, on 3/25/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Chris\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140804302562

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.temaki.org/activex/AMC.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

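The fix-and-recheck step from the posts above, as an added example that is not part of the original thread: it parses HijackThis entry lines, reports which of the entries selected for fixing are still present in the follow-up log, and lists the DLLs named by the O20 load points so they can be searched for on disk. The function names are illustrative, the embedded sample data is constructed from entries quoted in this thread, and the AppInit_DLLs split assumes module names without spaces.

```python
import re

# Constructed sample: the entries the helper asked to have checked and fixed.
SELECTED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)
O20 - AppInit_DLLs: Runner.dll,bhfkpooc.dll,EQMini.dll
O20 - Winlogon Notify: accies98 - accies98.dll (file missing)
O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll
"""

# Constructed sample: an excerpt of the log posted after the fix was attempted.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return (section, detail) per entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _key(entry):
    """Comparison key: Windows paths are case-insensitive and spacing may vary."""
    section, detail = entry
    return section, " ".join(detail.split()).casefold()


def still_present(selected_text, after_text):
    """Entries that were selected for fixing but still appear in the later log."""
    after_keys = {_key(e) for e in parse_entries(after_text)}
    return [e for e in parse_entries(selected_text) if _key(e) in after_keys]


def o20_modules(entries):
    """Map each O20 load point (AppInit_DLLs, Winlogon Notify) to the DLL names it loads."""
    modules = {}
    for section, detail in entries:
        if section != "O20":
            continue
        kind, _, value = detail.partition(": ")
        if kind == "AppInit_DLLs":
            # The value is a list delimited by commas or spaces.
            names = [n for n in re.split(r"[,\s]+", value) if n]
        else:
            # Winlogon Notify: "<key name> - <dll path>", optionally "(file missing)".
            _, _, path = value.partition(" - ")
            path = re.sub(r"\s*\(file missing\)$", "", path)
            names = [path.rsplit("\\", 1)[-1]]
        modules.setdefault(kind, []).extend(n.lower() for n in names)
    return modules


if __name__ == "__main__":
    for section, detail in still_present(SELECTED, AFTER):
        print("still present after fix:", section, "-", detail)
    for kind, names in o20_modules(parse_entries(AFTER)).items():
        print(kind, "->", ", ".join(names))
```
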

Download haxfix.exe and save it to your desktop.

  • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
  • Checkmark "Create a desktop icon"
  • Click "Next"
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
  • Click "Finish"
A red "dos window" (dos box) will open with options:

1. Make logfile

2. Run auto fix

3. Run manual fix

E. Exit Haxfix

  • Select option 1. Make logfile by typing 1 and then pressing Enter
  • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt
  • Copy the contents of that logfile and paste it into this thread. (c:\haxfix.txt)
Regards,

 

Trevuren


HAXFIX logfile - by Marckie

--------------

Sat 03/25/2006 4:25:03.31

 

checking for ps.a3d....

ps.a3d is present!

 

checking for matching notify keys....

matching notify keys found

mmx4

 

checking for matching services....

matching services found

mmx4xm

mmx4xt

 

checking for matching safeboot services....

matching safeboot services found

mmx4xm.sys

mmx4xt.sys

 

Thanks again Trevuren for taking all this time to help out a total stranger. It is greatly appreciated! :)


Option 2 autofix

  • Open this folder program files > haxfix and double click on fix.bat (or double click on fix.bat desktop icon)
  • Close all other open windows since this step requires a reboot
  • Select option 2. Run auto fix by typing 2 and then pressing Enter
If an infection is found, you'll get a message to close all other open windows.
  • Close all open windows except the red dos window from haxfix and then press Enter
  • The computer will reboot
  • After reboot a logfile will open > (c:\haxfix.txt)
  • Post the contents of that logfile along with a new HijackThis log.

Regards,

 

Trevuren


HAXFIX logfile - by Marckie

--------------

Sat 03/25/2006 15:05:49.34

 

Auto Haxdoorfix

 

 

haxdoor key: mmx4

 

searching for services....

services found

deleting services.....

[sWSC] DeleteService SUCCESS

[sWSC] DeleteService SUCCESS

 

 

rebooting the computer.....

 

 

haxdoor key: mmx4

searching for services....

services not found

 

checking if files are found.....

mmx4xt.dll exist

mmx4xm.sys exist

mmx432.dll not found

mmx432.sys not found

mmx464.sys not found

mmx416.dll not found

mmx416.sys not found

mmx424.sys not found

mmx4xt.sys not found

 

deleting files.....

 

checking if files are deleted.....

 

 

checking for other files.....

klgcptini.dat exist

qz.dll exist

qz.sys exist

stt82.ini exist

ps.a3d exist

qm.dll not found

qm.sys not found

qy.dll not found

qy.sys not found

zq.dll not found

zq.sys not found

klogini.dll not found

p3.ini not found

klo5.sys not found

fux87.ini not found

set87.ini not found

 

deleting other files.....

 

checking if the files are deleted.....

 

 

Finished


Logfile of HijackThis v1.99.1

Scan saved at 5:05:06 PM, on 3/25/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Chris\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140804302562

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.temaki.org/activex/AMC.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

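A cross-check of the two logs posted above, as an added example that is not part of the original posts: it takes the haxdoor key and the files HaxFix reported as "exist" and looks for any line of the follow-up HijackThis log that still names them. The log excerpts are shortened from the ones in this thread, the O20 `mmx4` line is constructed for illustration, and the function names are this example's own.

```python
import re

# From the HaxFix auto-fix log posted in this thread (shortened).
HAXFIX_LOG = """haxdoor key: mmx4
mmx4xt.dll exist
mmx4xm.sys exist
mmx432.dll not found
klgcptini.dat exist
qz.dll exist
qz.sys exist
ps.a3d exist
"""

# From the follow-up HijackThis log posted in this thread (shortened).
HJT_AFTER = r"""C:\WINDOWS\system32\oodag.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# Constructed line (not from the thread): how a leftover notify entry would look.
HJT_CONSTRUCTED = r"O20 - Winlogon Notify: mmx4 - C:\WINDOWS\system32\mmx4xt.dll" + "\n"


def parse_haxfix(log):
    """Return (haxdoor key, set of file names HaxFix reported as 'exist')."""
    key, found = None, set()
    for line in map(str.strip, log.splitlines()):
        m = re.match(r"haxdoor key:\s*(\S+)", line)
        if m:
            key = m.group(1).lower()
        elif line.endswith(" exist"):
            found.add(line[: -len(" exist")].lower())
    return key, found


def leftover_references(hjt_log, key, files):
    """Return HijackThis lines with a token that starts with the key or names a listed file."""
    hits = []
    for line in filter(None, map(str.strip, hjt_log.splitlines())):
        tokens = re.split(r'[\\\s":,()\[\]]+', line.lower())
        if any(t in files or (key and t.startswith(key)) for t in tokens):
            hits.append(line)
    return hits


KEY, FILES = parse_haxfix(HAXFIX_LOG)
print(leftover_references(HJT_AFTER, KEY, FILES))
print(leftover_references(HJT_AFTER + HJT_CONSTRUCTED, KEY, FILES))
```

An empty result only says the HijackThis log no longer mentions these names. It does not confirm the files are gone from disk, and the "checking if files are deleted" sections of the HaxFix log above are empty.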

Congratulations, your log shows that your SYSTEM IS CLEAN

 

There are a few things you must do once you are completely clean:

 

1. Re-hide your System Files and Folders to prevent any future accidents.

 

Reconfigure Windows XP to hide hidden files:

  • Click Start. Open My Computer.
  • Select the Tools menu and click Folder Options. Select the View Tab.

  • Under the Hidden files and folders heading deselect "Show hidden files and folders".
  • Check the "Hide protected operating system files (recommended)" option.
  • Click Yes to confirm. Click OK.
2. Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only.

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

3. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

 

TO DISABLE SYSTEM RESTORE

  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
Reboot your System

 

TO ENABLE SYSTEM RESTORE

  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
Here are some tips to reduce the potential for spyware infection in the future:

 

Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

 

I strongly recommend installing the following applications:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice

So how did I get infected in the first place? (My Favorite)

 

Regards,

 

Trevuren


Thanks so much Trevuren. It seems to be back to normal for the most part now. IE still freezes but I use Firefox most of the time anyway so that doesn't matter. I noticed one of the viruses was called PWStealer or something like that. Should I change all my passwords now just in case someone got them or was that just the name of it? I use online banking through my local bank so that just made me a little nervous. I already changed my bank account password from another computer a few days ago.

 

Thank you again you saved me from a trip to the computer shop. :beer:


It wouldn't hurt to change your passwords. In any event, they all should be changed on a regular basis.

 

My Pleasure,

 

Trevuren
