Gordon24Johnson48
Posted March 23, 2006

Hey everyone, you guys have saved me some money here before instead of having to go to the computer shop. I am having another problem now and was wondering if anyone could help. I have done a spyware scan and nothing comes up except tracking cookies. I did a scan with Norton because my AVG won't open. I keep getting an error when I try to open it saying that it needs to close. Anyway, my problem is a couple of trojans that Norton found.

PWSteal.Trojan
Trojan.Cmapp

Those are the 2 trojans, and it says there are 3 files I need to delete located in the system32 file.

Accies98.dll
AcciesX2
Runner.dll

When I try to delete those files I get an error message saying they are in use and can't be deleted. I also tried to delete them in safe mode with the same results. Does anyone know a way I can delete them? This is really a crazy trojan. It makes Internet Explorer pretty much useless and it always freezes. Firefox seems to work OK, but I get the same popup every few minutes.

Below is a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:05:09 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\a-squared\a2guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140804302562
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.temaki.org/activex/AMC.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: Runner.dll,bhfkpooc.dll,EQMini.dll
O20 - Winlogon Notify: accies98 - C:\WINDOWS\SYSTEM32\accies98.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Sorry if I explained it bad. I tried not to make it too confusing, but I have been working on this all day doing nothing but spyware and virus scans. It's driving me crazy. Thanks for any advice.

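Added example, not part of the original thread: a small Python parser for the HijackThis line format in the log above, used to find which log entries reference the file names Norton reported and which entries point at a missing file. The sample lines are copied from the post; the class and function names are assumptions made for this illustration.

```python
import os
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: Runner.dll,bhfkpooc.dll,EQMini.dll
O20 - Winlogon Notify: accies98 - C:\WINDOWS\SYSTEM32\accies98.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# File names exactly as the poster listed them from the Norton scan.
FLAGGED = ["Accies98.dll", "AcciesX2", "Runner.dll"]

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O20 - <body>"
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Base names only: stop at path separators, commas, quotes and whitespace.
FILE_RE = re.compile(r'[^\\/,"\s]+\.(?:dll|exe|ocx|cab|sys)\b', re.IGNORECASE)


@dataclass
class Entry:
    code: str              # section id, e.g. "O2", "O20", "O23"
    kind: str              # text before the first ": ", e.g. "Winlogon Notify"
    detail: str            # remainder of the line
    clsid: Optional[str]   # class id, when the entry carries one
    files: List[str]       # base names of referenced files
    missing: bool          # HijackThis marked the target as absent


def parse_hijackthis(text: str) -> List[Entry]:
    """Parse the section lines of a HijackThis log; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        code, body = m.groups()
        kind, sep, detail = body.partition(": ")
        if not sep:  # R0/R1 lines have no "kind:" prefix
            kind, detail = "", body
        clsid = CLSID_RE.search(detail)
        entries.append(Entry(
            code=code,
            kind=kind,
            detail=detail,
            clsid=clsid.group(0) if clsid else None,
            files=FILE_RE.findall(detail),
            missing="(file missing)" in detail or "(no file)" in detail,
        ))
    return entries


def find_load_points(entries: List[Entry],
                     flagged: List[str]) -> Tuple[List[Tuple[str, str, str]], List[str]]:
    """Return (hits, unseen): entries that reference a flagged file, and
    flagged names that no entry references. Matching ignores case and
    extension, because the scanner output may omit the extension."""
    wanted = {os.path.splitext(n)[0].lower(): n for n in flagged}
    hits, seen = [], set()
    for e in entries:
        for f in e.files:
            stem = os.path.splitext(f)[0].lower()
            if stem in wanted:
                hits.append((e.code, e.kind, f))
                seen.add(stem)
    unseen = [name for stem, name in wanted.items() if stem not in seen]
    return hits, unseen


def missing_targets(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if e.missing]


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    hits, unseen = find_load_points(parsed, FLAGGED)
    for code, kind, name in hits:
        print(f"{name}: referenced by {code} ({kind})")
    print("flagged but not referenced in the log:", unseen)
    for e in missing_targets(parsed):
        print(f"{e.code} {e.kind}: target missing, CLSID {e.clsid}")
```

On these lines, Runner.dll is referenced by the O20 AppInit_DLLs entry and accies98.dll by an O20 Winlogon Notify entry, while AcciesX2 is not referenced by any entry in the sample.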
Trevuren
Posted March 23, 2006

Hi Gordon24Johnson28 and welcome to the PC Pitstop Forums. My name is Trevuren and I will be helping you with your log.

I notice that you are using more than one antivirus program. This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you either (1) configure only one antivirus program to enable automatic realtime scanning, and leave the rest disabled most of the time, or (2) go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one antivirus program.

Restart your system.

1. Download, install, update, configure, and run Ad-Aware SE Personal 1.06.

Download Ad-Aware SE Personal 1.06:
   Download Ad-Aware SE Personal 1.06.
   Save aawsepersonal.exe to a convenient location.

Install Ad-Aware SE Personal 1.06:
   Double-click on aawsepersonal.exe to install the program.
   Follow the default settings for installation.
   After the program has finished installing, uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.

Update Ad-Aware SE Personal 1.06:
   Double-click the Ad-Aware SE Personal icon on your desktop.
   Click "Check for updates now", then click "Connect". It will check for any updates.
   If any are found, click "OK" to download and install the updates.
   Once it has finished, click "Finish".

Configure Ad-Aware SE Personal 1.06:
   Click on the Gear button at the top of the window.
   Click "General" on the left hand side to display the General Settings box. Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
      "Automatically save logfile"
      "Automatically quarantine objects prior to removal"
      "Safe Mode (always request confirmation)"
      "Prompt to update outdated definitions" - change to 7 days from the default 14.
   Click "Scanning" on the left hand side to display the Scan Settings box. Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
      "Scan within archives"
      "Select drives & folders to scan" - select your hard drive(s).
      "Scan active processes"
      "Scan registry"
      "Deep-scan registry"
      "Scan my IE favorites for banned URLs"
      "Scan my Hosts file"
   Click "Advanced" on the left hand side to display the Advanced Settings box. Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
      "Move deleted files to Recycle Bin"
      "Include additional object information"
      "Include negligible objects information"
      "Include environment information"
   Click "Defaults" on the left hand side to display the Default Settings box. Make sure these items have your preferred settings in them:
      "Default homepage"
      "Default searchpage"
   Click "Tweak" on the left hand side to display the Tweak Settings box.
   Click the + (plus) sign next to the Log Files section. This will expand the section. Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
      "Include basic Ad-Aware settings in log file"
      "Include additional Ad-Aware settings in log file"
      "Include reference summary in log file"
      "Include alternate data stream details in log file"
   Click the + (plus) sign next to the Scanning Engine section. This will expand the section. Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
      "Unload recognized processes & modules during scan"
      "Scan registry for all users instead of current user only"
      "Obtain command line of scanned processes"
   Click the + (plus) sign next to the Cleaning Engine section. This will expand the section. Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
      "Always try to unload modules before deletion"
      "During removal, unload Explorer and IE if necessary"
      "Let Windows remove files in use at next reboot"
      "Delete quarantined objects after restoring"
   Once you are done with these settings, click "Proceed" to save them. This will take you back to the main screen.

Run Ad-Aware SE Personal 1.06:
   Click the "Start" button.
   Uncheck the "Search for negligible risk entries" entry.
   Choose the "Use custom scanning options" scan mode.
   Click the "Next" button. Ad-Aware will begin to scan for malware residing on your computer.
   Allow the scan to finish.
   Right-click on any entry in the list and click "Select All" to select the whole list.
   Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.

2. Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download ewido security suite; it is a trial version of the program.
   Install ewido security suite.
   When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
   Launch ewido; there should be an icon on your desktop, double-click it.
   The program will prompt you to update; click the OK button.
   The program will now go to the main screen.

You will need to update ewido to the latest definition files.
   On the left hand side of the main screen click update.
   Click on Start.
   The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:
   REBOOT into Safe Mode.
   Run EWIDO.
   Click on scanner.
   Click on Start Scan.
   Let the program scan the machine.

While the scan is in progress you will be prompted to clean files; click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
   Click Save report.
   Save the report to your desktop.

Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply.

Regards,
Trevuren

Gordon24Johnson48
Posted March 23, 2006

Thanks Trevuren for the reply. Great instructions that even I could follow. Here is the updated HijackThis log. I also removed both AVG and Norton. I am now using Nod32 and it seems a lot better than the others.

Logfile of HijackThis v1.99.1
Scan saved at 5:00:12 AM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140804302562
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.temaki.org/activex/AMC.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: Runner.dll,bhfkpooc.dll,EQMini.dll
O20 - Winlogon Notify: accies98 - accies98.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

And here is the log from Ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:56:58 AM, 3/23/2006
+ Report-Checksum: 39E3D679

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-3658712748-555725883-4060058650-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup
HKU\S-1-5-21-3658712748-555725883-4060058650-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.345:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.410:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.411:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.412:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.413:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.414:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.415:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.417:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup :mozilla.418:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup :mozilla.421:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.422:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.423:C:\Documents and Settings\Lisa\Application 
Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.424:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.425:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.426:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.427:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.432:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.433:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.434:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.435:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.436:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.437:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.438:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.439:C:\Documents and 
Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.441:C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\5c1cyhzh.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup :mozilla.22:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup :mozilla.23:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup :mozilla.26:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.27:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.28:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.29:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.30:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.31:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.49:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.50:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.51:C:\Documents and 
Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.57:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.70:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.71:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.72:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.73:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.74:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.78:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.79:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.80:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.81:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.82:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.83:C:\Documents and 
Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.84:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.87:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.88:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.98:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.99:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.100:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.101:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.102:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.137:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.138:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.139:C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.140:C:\Documents and 
Settings\Patti\Application Data\Mozilla\Firefox\Profiles\9mahpcdn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup C:\Documents and Settings\Patti\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Patti\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Patti\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\WINDOWS\CheckS02.exe -> Trojan.VB.tg : Cleaned with backup C:\WINDOWS\system\ctldlg32.dll -> Logger.Agent.io : Cleaned with backup C:\WINDOWS\system32\8A8F8B8E8D9590.exe -> Trojan.VB.aft : Cleaned with backup ::Report End I must still have something because i am still getting the same popup every few minutes from overstock.com showing a Charlie and the chocolate factory dvd. Internet explorer also still freezes after a few webpages and windows media player won't play anything. Share this post Link to post Share on other sites

Trevuren
Posted March 23, 2006

There is a file in your log of which I am unsure. For that reason, I need you to submit it to Jotti's for analysis.

1. Click HERE to get to Jotti's site.
2. At the top of the Jotti window, use the Browse button to locate the following file on your system:
   C:\WINDOWS\SYSTEM32\mmx4xt.dll
3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.
4. Please provide me with the results of the analysis.
5. Now, please do the same with the following files:
   C:\WINDOWS\SYSTEM32\EQMini.dll
   C:\WINDOWS\SYSTEM32\bhfkpooc.dll
   C:\WINDOWS\SYSTEM32\Runner.dll

Regards,
Trevuren

Gordon24Johnson48
Posted March 23, 2006

I can't find the mmx4xt.dll file. I swear it's not there anymore. The search on the computer can't even find it. I will continue to look for it but I wanted to post the others.

EQMini.dll = OK found nothing
bhfkpooc.dll = Hmm this one can't be found either?
Runner.dll = OK found nothing

Those other 2 have seemed to disappear. Maybe they have already been deleted or something, I'm not sure. The other 2 I got the OK results for also come back clean to Nod32.

Trevuren
Posted March 24, 2006

Please post a fresh HJT log

Trevuren

Gordon24Johnson48
Posted March 24, 2006

Logfile of HijackThis v1.99.1
Scan saved at 7:55:23 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140804302562
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.temaki.org/activex/AMC.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: Runner.dll,bhfkpooc.dll,EQMini.dll
O20 - Winlogon Notify: accies98 - accies98.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

One other question I have is when I try to use the Vaio system recovery wizard it says this wizard is only available on Vaio computers, your computer is not recognized as a Vaio computer. It is indeed a Vaio though and I have used the wizard before. Is there any way to fix that? If I could just get that to work again I could recover the system and everything would be good again.

Trevuren
Posted March 24, 2006

I am sorry but I am not an expert on Vaio systems. For this problem, you should consult either the manufacturer's website or one of our other forums after all the malware has been removed from your system. Some of these problems could still be malware related.

Please do a search for the following files using the Windows Search function and try to provide me with the exact path of the files in question:

EQMini.dll
bhfkpooc.dll

Trevuren

Gordon24Johnson48
Posted March 24, 2006

The EQMini.dll is in C:\WINDOWS\system32

I get no results for the bhfkpooc.dll

Trevuren
Posted March 24, 2006

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

First we need to make all files and folders VISIBLE:

Go to start > control panel > folder options > view (tab)
Choose to "show hidden files and folders,"
Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
Close the window with ok

Please RUN HijackThis. Click the SCAN button to produce a log. Place a check mark beside each one of the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)
O20 - AppInit_DLLs: Runner.dll,bhfkpooc.dll,EQMini.dll
O20 - Winlogon Notify: accies98 - accies98.dll (file missing)
O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll

Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

Reboot Your System in Safe Mode

How to use the F8 method to Start Your Computer in Safe Mode:

Restart the computer.
As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
Use the arrow keys to select the Safe mode menu item.
Press Enter.

Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

C:\Windows\system32\Runner.dll
C:\WINDOWS\SYSTEM32\mmx4xt.dll
C:\Windows\SYSTEM32\EQMini.dll
C:\Windows\system32\bhfkpooc.dll

Exit Explorer, and REBOOT BACK INTO NORMAL MODE

Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Regards,
Trevuren

Gordon24Johnson48
Posted March 25, 2006

Here is a new Hijackthis log. When I checked everything and clicked fix it came up with an error message. I can't remember what it said and it was supposed to save the message somewhere but I can't find it. I will try again later, I am just heading out to work now. It finally did let me delete the Runner.dll and the EQMini.dll files. The other 2 are nowhere to be found.

Logfile of HijackThis v1.99.1
Scan saved at 12:08:48 AM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140804302562
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.temaki.org/activex/AMC.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

Trevuren
Posted March 25, 2006

Download haxfix.exe and save it to your desktop.

Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon"
Click "Next"
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
Click "Finish"

A red "dos window" (dos box) will open with options:

1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix

Select option 1. Make logfile by typing 1 and then pressing Enter
Haxfix will start scanning the computer.
When it is finished a logfile will open: haxlog.txt
Copy the contents of that logfile and paste it into this thread. (c:\haxfix.txt)

Regards,
Trevuren

Gordon24Johnson48
Posted March 25, 2006

HAXFIX logfile - by Marckie
--------------
Sat 03/25/2006 4:25:03.31
checking for ps.a3d....
ps.a3d is present!
checking for matching notify keys....
matching notify keys found
mmx4
checking for matching services....
matching services found
mmx4xm
mmx4xt
checking for matching safeboot services....
matching safeboot services found
mmx4xm.sys
mmx4xt.sys

Thanks again Trevuren for taking all this time to help out a total stranger. It is greatly appreciated!

Trevuren
Posted March 25, 2006

Option 2 autofix

Open this folder program files > haxfix and double click on fix.bat (or double click on fix.bat desktop icon)
Close all other open windows since this step requires a reboot
Select option 2. Run auto fix by typing 2 and then pressing Enter
If an infection is found, you'll get a message to close all other open windows. Close all open windows except the red dos window from haxfix and then press Enter
The computer will reboot
After reboot a logfile will open > (c:\haxfix.txt)
Post the contents of that logfile along with a new HijackThis log.

Regards,
Trevuren

Gordon24Johnson48
Posted March 25, 2006

HAXFIX logfile - by Marckie
--------------
Sat 03/25/2006 15:05:49.34
Auto Haxdoorfix
haxdoor key: mmx4
searching for services....
services found
deleting services.....
[sWSC] DeleteService SUCCESS
[sWSC] DeleteService SUCCESS
rebooting the computer.....
haxdoor key: mmx4
searching for services....
services not found
checking if files are found.....
mmx4xt.dll exist
mmx4xm.sys exist
mmx432.dll not found
mmx432.sys not found
mmx464.sys not found
mmx416.dll not found
mmx416.sys not found
mmx424.sys not found
mmx4xt.sys not found
deleting files.....
checking if files are deleted.....
checking for other files.....
klgcptini.dat exist
qz.dll exist
qz.sys exist
stt82.ini exist
ps.a3d exist
qm.dll not found
qm.sys not found
qy.dll not found
qy.sys not found
zq.dll not found
zq.sys not found
klogini.dll not found
p3.ini not found
klo5.sys not found
fux87.ini not found
set87.ini not found
deleting other files.....
checking if the files are deleted.....
Finished

Trevuren
Posted March 25, 2006

Please post a fresh HJT log for review

Trevuren

Gordon24Johnson48 Posted March 25, 2006

Logfile of HijackThis v1.99.1
Scan saved at 5:05:06 PM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140804302562
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.temaki.org/activex/AMC.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
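
Added example, not part of the original thread or of HijackThis itself: a small Python parser for the log layout posted above (header lines, a "Running processes:" list, then entries that start with a section code such as R0, O2 or O23), which pulls out the entries a reviewer usually checks first. The function names and the directory prefixes in `processes_outside` are assumptions made for this illustration.

```python
import re

# "<section code> - <body>", e.g. "O23 - Service: ..." (R, F, N and O sections).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Excerpt of the 3/25/2006 log posted above, one item per line.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:05:06 PM, on 3/25/2006
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

def parse_hjt(text):
    """Split a HijackThis log into header lines, running processes and entries."""
    log = {"header": [], "processes": [], "entries": []}
    in_processes = False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first entry ends the process list
            log["entries"].append({"code": m.group(1), "body": m.group(2)})
        elif line.lower().startswith("running processes"):
            in_processes = True
        else:
            log["processes" if in_processes else "header"].append(line)
    return log

def orphaned(log):
    """Entries marked '(file missing)': the registry value points at no file."""
    return [e for e in log["entries"] if "(file missing)" in e["body"]]

# Assumed prefixes (lowercase, including the 8.3 short form of Program Files).
def processes_outside(log, prefixes=("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")):
    """Running processes outside the given directories: a hint to look closer, not a verdict."""
    return [p for p in log["processes"] if not p.lower().startswith(prefixes)]

if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    print("orphaned:", orphaned(log))
    print("review:", processes_outside(log))
```

On this excerpt the only orphaned entry is the O18 msnim protocol handler, and the only process outside the listed directories is HijackThis.exe itself, running from the desktop.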

Trevuren Posted March 25, 2006

Congratulations, your log shows that your SYSTEM IS CLEAN.

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.
Reconfigure Windows XP to hide hidden files:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading deselect "Show hidden files and folders".
Check the "Hide protected operating system files (recommended)" option.
Click Yes to confirm.
Click OK.

2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

3. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:
TO DISABLE SYSTEM RESTORE
Right-click "My Computer", and then left click "Properties".
Left click on "System Restore Tab"
Check box beside "Turn Off System Restore"
Left click on "Apply"
Reboot your System
TO ENABLE SYSTEM RESTORE
Remove check mark from "Turn Off System Restore"
Click on "Apply"

Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:
Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Google Toolbar <= Get the free google toolbar to help stop pop up windows.

And also see TonyKlein's good advice: So how did I get infected in the first place? (My Favorite)

Regards,
Trevuren

Gordon24Johnson48 Posted March 26, 2006

Thanks so much Trevuren. It seems to be back to normal for the most part now. IE still freezes but I use Firefox most of the time anyway so that doesn't matter. I noticed one of the viruses was called PWStealer or something like that. Should I change all my passwords now just in case someone got them or was that just the name of it? I use online banking through my local bank so that just made me a little nervous. I already changed my bank account password from another computer a few days ago. Thank you again, you saved me from a trip to the computer shop. :beer:

Trevuren Posted March 26, 2006

It wouldn't hurt to change your passwords. In any event, they all should be changed on a regular basis.

My Pleasure,
Trevuren