Tech Support Forum banner
Cancel

computer = infected: little help?

Jump to Latest Follow
Status
Not open for further replies.
1 - 20 of 26 Posts
S

· Registered
Joined
·
136 Posts
Discussion Starter · #1 ·
Alright, well basically... I've noticed that when I google search then click on a link, it is always redirecting me to other sites or other searches on other sites, which is getting annoying... I then tried a couple different spyware/adware scans, they turned up a few things, but of course the programs only detected them and didn't fix them. The last one I just tried 2 days ago was spyware doctor, and when I ran that one, it came up with 81 (others only turned up less than 10) and one of them was some sort of "high" trojan threat. I didn't have time at the moment to come to this security center thing (just had to go to work) and haven't gotten around to it until now. something else to mention though is that this morning when I tried to start up my computer, I was experiencing a "blue screen of death" and a couple days prior, the computer randomly restarted (only 3-4 times over the past week or 2) then when it would start up again it would say "windows just recovered from a serious error..." etc. anyways, this morning, it did that thing where it keeps restarting, so I tried try last good config, didn't work, then tried safemode, then a list of all that text came up, something like...

windows\SYSTEM32\whatever.sdalkfj (not that exactly obviously, but something like that)

it was staying on that for a while so i went to get a drink, came back, and it appeared to start up (but it doesn't seem to be safe mode... doesn't have that safemode wallpaper and bad graphics...). frankly I don't know if it will start up again or not, so I'd rather not turn it off... oh and after i started the computer I did in the run menu "SFC /SCANNOW" (i just remembered someone told me to do that from the last time I had a problem) I put in the disk and it did whatever it does... now I'm here

I read that "read this before posting" thing, I downloaded all of the spyware/virus/whatever software and all that, but I also noticed the post says NOT to have SP2 installed, but I already do... would that be a problem in trying to figure out whats wrong and cleaning up everything? I am not sure what to do whatsoever... help! :eek:
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#3 ·
Hello silentfox618,

If you are unable to complete any online scans, then please just post a HijackThis log.

Please download HijackThis - this program will help us determine the extent of any spyware/malware on your computer as well as aid us in removing it.

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here.

**Do not fix anything in HijackThis as many entries are harmless and necessary for the proper operation of your system.
 
Save Share
S

· Registered
Joined
·
136 Posts
Discussion Starter · #4 · (Edited)
One Problem I have is that Internet Explorer keeps redirecting me whenever I click on a search result to completely unrelated sites. the other problem I mentioned about starting the computer up, doesn't seem to be a problem right now... basically I just want to get my system cleaned up and make sure all is well...

EDIT I was able to do all the scans and stuff, took a while, but got it done... (didn't see your post until after I posted this)

Logfile of HijackThis v1.99.1
Scan saved at 5:26:11 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4915/mcfscan.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#5 ·
Hi,

The first thing we need to do is get a better Anti Virus program on your system. StopSign was recently de-listed as rogueware and there are very good free Anti Virus programs to choose from that have proven themselves trustworthy:

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please download this excellent and FREE anti-virus program:

Please download Active Virus Shield (powered by Kaspersky) and save it to your desktop.
  • Please remember to register for your Activation Code using a legitimate email address.

Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

**Stop at this point of your installation--we need to uninstall StopSign AV now**

-----------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)

Anti Virus or StopSign or Acceleration

(please let me know what name it went by in the Add/Remove programs)

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries if they exist (make sure you do not miss any)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k


Click 'Fix Checked' and close HijackThis.

-----------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------

Using 'My Computer', navigate to and delete the following Folder if it still exists.

C:\Program Files\Acceleration Software


-----------------------------------

Now--continue with the installation of Active Virus Shield:

  • Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:


  • Then please update the program and run a systemwide scan by selecting My Computer. Allow it to neutralize all that it finds.
  • When done, launch Active Virus Shield's main window.



  • Click the Scan button on the left, and then click Detected.

  • In the ensuing window, click the Save As button to save a copy of the log.
  • Copy and paste that log in your next reply.

-------------------------------

There is nothing readily apparent in your HijackThis log--after you've done the above, we need to download and run additional tools and see if any malware is revealed:

******************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.


---------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

-----------------------------------

Run a new scan with HijackThis and save the log.

-----------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
New HijackThis log
 
Save Share
S

· Registered
Joined
·
136 Posts
Discussion Starter · #6 ·
the only anti virus programs I saw in the add/remove programs list were Spyware Doctor 4.0 and STOPzilla! I know I tried StopSign before, but I removed it from my computer (I thought so at least)... should I uninstall both spyware doctor 4.0 and stopzilla!, and make sure the stopsign folder in the Programs folder is gone? just tell me what to do and I'll do it...
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#7 ·
StopZilla and Spyware Doctor are anti-malware programs, not anti-virus programs--you may leave those intact. :smile:

Fix the entries in HijackThis, then look for the folder I listed and delete it if it's there.

Please make sure you install and update Active Virus Shield before you go back online to download the other tools--connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.
 
Save Share
S

· Registered
Joined
·
136 Posts
Discussion Starter · #8 ·
after installing avs, it is saying I need to restart the computer in order for the installation to be completed. Should I restart my computer or uncheck the "restart computer" checkbox and continue?
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#9 ·
Uncheck the restart and continue with the HijackThis fixes and the folder deletion--then reboot your system.
 
Save Share
S

· Registered
Joined
·
136 Posts
Discussion Starter · #10 · (Edited)
well... uhh don't know what it means, but some sort of CHKDISK thing came up after restarting (something about checking consistancy of something, I can't remember...), it did some stuff then restarted up again... nothing appears to be wrong... I'm just going to go ahead with the Active Virus Shield scan. If you think somethings up, post and I'll respond after the scan...

EDIT: nevermind, it still says I need to restart my computer... so I'm restart it now, THEN do the scan...
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#11 ·
Sounds good to me. :grin:
 
Save Share
S

· Registered
Joined
·
136 Posts
Discussion Starter · #12 ·
alright, I assume you only want the "detected threats" from that scan, so here's what came up. (cause the whole report is... LONG...). Did you want me to do all of the other stuff now too? or do you need to see the results of each scan one after the other. Just let me know what ya think. (i also understand it's getting late, so in case you can't stay up, I was thinking of just leaving my computer on, then picking up from where we left off sometime tomorrow. I have a final tomorrow anyways). Thanks for the help so far.

Scan My Computer
----------------
Scanned: 153182
Detected: 5
Untreated: 5
Start time: 12/10/2006 8:18:44 PM
Duration: 01:05:57
Finish time: 12/10/2006 9:24:41 PM


Detected
--------
Status Object
------ ------
detected: Trojan program Trojan.Win32.DNSChanger.gp File: C:\WINDOWS\system32\kdnkl.exe
detected: Trojan program Trojan.Win32.DNSChanger.gx File: C:\System Volume Information\_restore{EF0A37CC-400C-455F-8F69-F11848DC125B}\RP33\A0009420.exe/stream/data0001/PE-Crypt.PolyCryptA
detected: Trojan program Trojan.Win32.DNSChanger.gp File: C:\System Volume Information\_restore{EF0A37CC-400C-455F-8F69-F11848DC125B}\RP33\A0009420.exe/stream/data0002
detected: Trojan program Trojan.Win32.DNSChanger.gp File: C:\System Volume Information\_restore{EF0A37CC-400C-455F-8F69-F11848DC125B}\RP33\A0009422.exe
detected: malware Exploit.HTML.Mht (modification) File: C:\Documents and Settings\Daniel Stocking\Local Settings\Temporary Internet Files\Content.IE5\PUQSN0Z2\deliver46860[1].htm
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#13 ·
Hi,

Generally I prefer you carry out all the steps and post all results at one time. In this case, as you have paused, run this next tool before using CleanUp and AVG A-S and the online scan.

If you've already begun those, I'll need you to run those scans again after running this tool:

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
  • Save it to your desktop and run it.
  • Click "Next", then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin: Please follow the prompts.
  • You will be asked to reboot your compute: Please do so.
  • Your system may take longer than usual to load and this is normal.
Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), along with the following:

AVG A-S
Panda results
New HijackThis log
 
Save Share
S

· Registered
Joined
·
136 Posts
Discussion Starter · #14 ·
when I click update (in AVG), I'm getting an error that shows up under "Current Status"...

Error: Failed to connect to server update.ewido.net.

then it just goes back to the "Ready for update..."
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#15 ·
Have you run the FixWareout tool yet? If not, do that first. If you still cannot connect to the AVG A-S update server, then skip the remaining steps and post the report generated by the FixWareout tool and a new HijackThis log.
 
Save Share
S

· Registered
Joined
·
136 Posts
Discussion Starter · #16 ·
Yea I already ran fixwareout and still can't connect to the server, so here are the reports...


Fixwareout
Last edited 12/06/2006
Post this report in the forums please
...
Prerun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdnkl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=""

...
...
Reg Entries that were deleted
...

Random Runs removed from HKLM
...
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\KDNKL.EXE 63,504 2006-12-10

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.
...
Postrun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=""

...




Logfile of HijackThis v1.99.1
Scan saved at 10:46:52 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4915/mcfscan.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#17 ·
Please copy this page to Notepad and save to your desktop for reference.

-----------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------

Using 'My Computer', navigate to and delete the following Files:

C:\WINDOWS\SYSTEM32\KDNKL.EXE

**If the above file resists deletion, boot into Safe Mode and delete it.

-----------------------------------

Run the online scan at Panda and save the results.

-----------------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**


-------------------------------------

Close any open browsers.

-------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

-----------------------------------

Please include the following in your next reply:

Panda results
ComboFix.txt
New HijackThis log
 
Save Share
S

· Registered
Joined
·
136 Posts
Discussion Starter · #18 · (Edited)
Alright, here's the results in the order panda, combo, hijack... (now I'm off to sleep... :sleep: ) I'll check back sometime tomorrow EDIT: Err.. well technically today... :rolleyes: . Thanks again for the help so far. I really do appreciate it.


Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[.com.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt
Possible Virus. Not disinfected C:\fixwareout\FindT\swreg.exe





Daniel Stocking - 06-12-11 0:10:50.53 Service Pack 2
ComboFix 06-12-01.3W-BetaE - Running from: "C:\Documents and Settings\Daniel Stocking\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Daniel Stocking\Desktop\Internet Explorer.lnk


((((((((((((((((((((((((((((((( Files Created from 2006-11-11 to 2006-12-11 ))))))))))))))))))))))))))))))))))


2006-12-10 23:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-10 23:30 <DIR> d-------- C:\WINDOWS\LastGood
2006-12-10 22:27 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-10 22:27 <DIR> d-------- C:\Program Files\Grisoft
2006-12-10 22:16 <DIR> d-------- C:\fixwareout
2006-12-10 19:35 <DIR> d-------- C:\Program Files\AOL
2006-12-10 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2006-12-10 19:26 <DIR> d-------- C:\backups
2006-12-10 17:21 <DIR> d-------- C:\WINDOWS\pss
2006-12-10 17:18 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-12-10 16:01 <DIR> d-------- C:\WINDOWS\McAfee.com
2006-12-10 14:41 <DIR> d-------- C:\Documents and Settings\Daniel Stocking\.housecall6.6
2006-12-10 14:40 <DIR> d-------- C:\WINDOWS\Sun
2006-12-10 14:40 <DIR> d-------- C:\Documents and Settings\Daniel Stocking\Application Data\Sun
2006-12-10 10:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-10 10:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-10 10:21 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-10 10:21 <DIR> d-------- C:\Documents and Settings\Daniel Stocking\Application Data\Lavasoft
2006-12-08 16:10 <DIR> d-------- C:\Documents and Settings\Daniel Stocking\Application Data\Google
2006-12-08 16:07 <DIR> d-------- C:\Program Files\Google
2006-12-08 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google
2006-12-08 16:06 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-12-08 15:55 <DIR> d-------- C:\Program Files\STOPzilla!
2006-12-08 15:55 <DIR> d-------- C:\Program Files\Common Files\iS3
2006-12-08 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZILLAbar
2006-12-08 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2006-12-07 20:36 <DIR> d-------- C:\Documents and Settings\Daniel Stocking\Incomplete
2006-12-07 20:03 <DIR> d-------- C:\Program Files\Java
2006-12-07 20:01 <DIR> d-------- C:\Program Files\LimeWire
2006-12-07 20:01 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-07 19:51 <DIR> d-------- C:\Documents and Settings\Daniel Stocking\.limewire
2006-12-04 15:54 116,984 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-12-04 15:54 115,960 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-12-04 15:54 <DIR> d-------- C:\Program Files\DivX
2006-11-30 17:19 <DIR> d-------- C:\Program Files\Real
2006-11-30 17:19 <DIR> d-------- C:\Program Files\Common Files\xing shared
2006-11-30 17:19 <DIR> d-------- C:\Program Files\Common Files\Real
2006-11-30 17:18 <DIR> d-------- C:\Documents and Settings\Daniel Stocking\Application Data\Real
2006-11-30 17:17 <DIR> d-------- C:\My Downloads
2006-11-27 18:37 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-11-24 10:17 <DIR> d-------- C:\Program Files\Guitar Pro 5
2006-11-24 09:55 <DIR> d-------- C:\Documents and Settings\Daniel Stocking\Application Data\capella-software
2006-11-24 09:54 979,005 --a------ C:\WINDOWS\system32\python23.dll
2006-11-24 09:54 <DIR> d-------- C:\Python23
2006-11-23 22:46 <DIR> d-------- C:\Program Files\Virtools Web Player 3.0
2006-11-21 23:09 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-21 23:09 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-21 23:08 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-21 23:07 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-21 23:07 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-21 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-21 11:20 23 --a------ C:\WINDOWS\system32\sysmwwod.dll
2006-11-21 11:19 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2006-11-21 11:19 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2006-11-21 11:19 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2006-11-21 11:19 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2006-11-15 20:45 <DIR> d--hs---- C:\Documents and Settings\Daniel Stocking\UserData
2006-11-15 13:01 520,192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-11-15 13:01 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-11-15 13:01 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-11-15 13:01 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-11-15 12:56 806,912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-11-15 12:56 806,912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-11-15 12:56 790,528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-11-15 12:56 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-11-15 12:56 635,486 --a------ C:\WINDOWS\system32\DivX.dll
2006-11-15 12:56 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-11-15 12:56 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-11-15 12:56 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-11-15 12:56 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-11-15 12:56 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-11-15 12:56 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-11-15 12:56 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-11-15 12:36 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-11-15 12:36 118,784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-10 23:51 -------- d-------- C:\Program Files\QuickTime
2006-12-10 23:49 -------- d-------- C:\Program Files\Internet Explorer
2006-12-10 23:47 -------- d-------- C:\Program Files\AIM
2006-12-10 23:26 -------- d-------- C:\Program Files\Steam
2006-12-10 20:10 61584 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-12-10 20:10 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-12-10 10:27 218112 --a------ C:\HijackThis.exe
2006-12-08 15:55 -------- d-------- C:\Program Files\Common Files
2006-12-07 19:31 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-27 19:55 -------- d---s---- C:\Documents and Settings\Daniel Stocking\Application Data\Microsoft
2006-11-27 18:38 -------- d-------- C:\Program Files\Windows Media Player
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-03 13:57 -------- d-------- C:\Documents and Settings\Daniel Stocking\Application Data\Aim
2006-11-03 13:56 -------- d-------- C:\Program Files\AOD
2006-10-27 12:41 -------- d-------- C:\Program Files\Finale NotePad 2006
2006-10-26 06:43 -------- d-------- C:\Program Files\Messenger
2006-10-26 06:40 -------- d-------- C:\Program Files\Outlook Express
2006-10-26 06:40 -------- d-------- C:\Program Files\Common Files\System
2006-10-26 06:29 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-25 14:31 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2006-10-25 14:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-24 13:32 -------- d-------- C:\Documents and Settings\Daniel Stocking\Application Data\Macromedia
2006-10-17 20:05 -------- d-------- C:\Documents and Settings\Daniel Stocking\Application Data\Help
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 12:43 -------- d-------- C:\Program Files\Finale Guitar 2003 Demo
2006-10-13 12:43 -------- d-------- C:\Program Files\Chord Warrior Trial
2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 02:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-09-21 21:19 0 -rahs---- C:\MSDOS.SYS
2006-09-21 21:19 0 -rahs---- C:\IO.SYS
2006-09-21 21:19 0 --a------ C:\CONFIG.SYS
2006-09-21 21:19 0 --a------ C:\AUTOEXEC.BAT
2006-09-15 15:39 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-12 21:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
@=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Completion time: 06-12-11 0:13:00.10











Logfile of HijackThis v1.99.1
Scan saved at 12:15:26 AM, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4915/mcfscan.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#19 ·
Hi,

Now that we're both rested...:grin:

Try once again to update AVG A-S. If it still will not connect, download the manual updates from here http://www.ewido.net/en/download/updates/

Run a scan from Safe Mode.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Post the AVG A-S results here

How is your system behaving?
 
Save Share
S

· Registered
Joined
·
136 Posts
Discussion Starter · #20 · (Edited)
While in safe mode, because the resolution was so low, I could not see the entire AVG screen (kinda hard to explain) so I'm not sure I did everything right. I selected "Quarantine" down at the bottem the clicked the apply to all action or whatever it was then saved the report or whatever. (the only reason I'm not sure of whether I did everything right was because in the list, most of the things in the list were marked as something like remove or delete or something while the one high threat showed quarantine next to it (I was trying to get them all to be quarantine). I did save the log though afterwards, and here it is. Hopefully I was able to do everything right givin the circumstances.

EDIT oh and my computer seems to be doing fine, same as before. It SEEMS fine, when in reality more than likely isn't


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:03:21 PM 12/11/2006

+ Scan result:



C:\System Volume Information\_restore{EF0A37CC-400C-455F-8F69-F11848DC125B}\RP64\A0027536.exe -> Downloader.Zlob.aty : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EF0A37CC-400C-455F-8F69-F11848DC125B}\RP64\A0027544.exe -> Downloader.Zlob.aty : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.15:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.16:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][2].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.183:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.34:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.123:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.124:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.125:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.20:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.21:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.22:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.23:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.24:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.129:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.130:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.154:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.163:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.169:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.170:C:\Documents and Settings\Daniel Stocking\Application Data\Mozilla\Firefox\Profiles\fjqtqzza.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Daniel Stocking\Cookies\danie[email protected][2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end
 
1 - 20 of 26 Posts
Status
Not open for further replies.
About this Discussion
25 Replies
3 Participants
Last post:
Ried
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top