Messages - rredmax
1
Tech Clinic / Win98 to WinXP Pro advice
« on: September 18, 2006, 04:46:16 PM »
Hi,
I have a computer that I'd like to upgrade with all new hardware, but keep the current hard drive as a slave. The computer currently has Win 98 (non-SE). If I build a new computer with new hardware, and a new HD, install WinXP, then slave the Win98 HD....will it recognize the slave HD and all the files? I am assuming not all the programs would run correctly too.

Any input would be appreciated.
Thanks,
rredd

2
Software / Win 98 to Win XP Pro advice
« on: September 14, 2006, 05:07:30 PM »
Hi,
I have a computer that I'd like to upgrade with all new hardware, but keep the current hard drive as a slave. The computer currently has Win 98 (non-SE). If I build a new computer with new hardware, and a new HD, install WinXP, then slave the Win98 HD....will it recognize the slave HD and all the files? I am assuming not all the programs would run correctly too.

Any input would be appreciated.
Thanks,
rredd

3
Tech Clinic / adware going nuts...ad-aware unable to remove it all.
« on: April 26, 2006, 07:34:01 PM »
things seem to be running fine now. i truly appreciate all your help.
i think i got all this trouble from one of those IM viruses, where someone who has the virus sends out IM's to everyone on his list with a file or link. stupidly i clicked on it.

if you have any other tips for keeping my computer safe, i am open to them.
thanks again,
rredmax

4
Tech Clinic / adware going nuts...ad-aware unable to remove it all.
« on: April 26, 2006, 03:34:20 PM »
Logfile of HijackThis v1.99.1
Scan saved at 4:32:51 PM, on 4/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\bcmntray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Zone Labs\ZoneAlarm\zlclient.exe
C:\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Vinnie\Desktop\HijackThis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray
O4 - HKLM\..\Run: [Zone Labs Client] C:\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE




doesn't exist HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rdriv
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Messenger"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
  4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000002


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Start"=dword:00000003


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
  00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
  00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
  5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
  5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000348
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
  50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:37,82,85,e3,ef,36,6c,be,c6,c6,f6,72,ff,46,e9,8b,34,65,33,38,63,\
  65,32,32,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,34,ca,06,00,45,9d,\
  bf,71,04,00,00,00,10,00,00,00,00,00,00,00,dd,e2,57,b1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:08,0f,36,1c,01,85,a3,f6,d6

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:f1,ad,0d,02,4e,c0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:49,b8,0b,17,f3,ee,1b,e7,99,4e,05,ed,41,de,fc,d7

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:10,56,4e,9e,bb,37,c4,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,68,93,82,7d,4f,c2,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,90,34,d6,42,4f,c2,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,68,93,82,7d,4f,c2,01
"Type"=dword:00000031


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]



5
Tech Clinic / adware going nuts...ad-aware unable to remove it all.
« on: April 25, 2006, 09:51:05 PM »
no problem.
thank you very much for your support. things are already much better. i appreciate it.

6
Tech Clinic / adware going nuts...ad-aware unable to remove it all.
« on: April 25, 2006, 09:35:52 PM »
updated.....

thanks

7
Tech Clinic / adware going nuts...ad-aware unable to remove it all.
« on: April 24, 2006, 10:20:56 PM »
continued....

   :mozilla.922:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.929:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.930:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
   :mozilla.931:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Vinnie\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Vinnie\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Vinnie\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup
   C:\Documents and Settings\Vinnie\Cookies\vinnie@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
   C:\Documents and Settings\Vinnie\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup
   C:\Documents and Settings\Vinnie\Cookies\vinnie@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019462.exe -> Adware.Enbrow : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019466.exe -> Downloader.VB.tw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019467.exe -> Downloader.VB.tw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019468.exe -> Adware.Enbrow : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019469.dll -> Adware.SurfSide : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020040.exe -> Downloader.VB.aaf : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020066.exe -> Downloader.VB.abj : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020067.exe -> Downloader.VB.aaf : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020068.exe -> Hijacker.VB.mo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020072.exe -> Adware.AdURL : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020073.dll -> Adware.Look2Me : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020074.dll -> Adware.Look2Me : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0020118.dll -> Hijacker.Small.jf : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0020120.exe -> Trojan.VB.tg : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0020122.exe -> Downloader.VB.abm : Cleaned with backup
   C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
   C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
   C:\WINDOWS\SYSTEM32\CGYPTNET.DLL -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\SYSTEM32\SADLL.DLL -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\SYSTEM32\TDPIUI.DLL -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
   C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup


::Report End


side note. i did have view hidden files and view os files

thanks.

doesn't exist HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rdriv
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Messenger"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
  4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000004


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Start"=dword:00000004


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
  00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
  00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
  5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
  5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000364
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
  50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:37,82,85,e3,ef,36,6c,be,c6,c6,f6,72,ff,46,e9,8b,34,65,33,38,63,\
  65,32,32,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,34,ca,06,00,45,9d,\
  bf,71,04,00,00,00,10,00,00,00,00,00,00,00,dd,e2,57,b1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:08,0f,36,1c,01,85,a3,f6,d6

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:f1,ad,0d,02,4e,c0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:49,b8,0b,17,f3,ee,1b,e7,99,4e,05,ed,41,de,fc,d7

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:10,56,4e,9e,bb,37,c4,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,68,93,82,7d,4f,c2,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,90,34,d6,42,4f,c2,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,68,93,82,7d,4f,c2,01
"Type"=dword:00000031


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000



8
Tech Clinic / adware going nuts...ad-aware unable to remove it all.
« on: April 24, 2006, 10:12:17 PM »
Logfile of HijackThis v1.99.1
Scan saved at 11:00:32 PM, on 4/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\bcmntray.exe
C:\Zone Labs\ZoneAlarm\zlclient.exe
C:\AIM\aim.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\spoolsv.exe
C:\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Vinnie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray
O4 - HKLM\..\Run: [Zone Labs Client] C:\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE





---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         10:51:59 PM, 4/24/2006
 + Report-Checksum:      AE18CAD2

 + Scan result:

   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
   HKU\.DEFAULT\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
   HKU\.DEFAULT\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
   HKU\S-1-5-18\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
   HKU\S-1-5-18\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
   C:\bintheredunthat\tviyfbx.exe -> Hijacker.VB.ij : Cleaned with backup
   C:\bintheredunthat\tviyfbxA.exe -> Hijacker.VB.ij : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\drsmartload[1].exe -> Downloader.VB.abm : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\newname13[1].exe -> Downloader.VB.aaf : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ENIDAH4R\keyboard13[1].exe -> Downloader.VB.abj : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ENIDAH4R\mousepad13[1].exe -> Hijacker.VB.mo : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\visfx500[1].exe -> Dropper.Agent.aie : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.27:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.50:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.53:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.54:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.55:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
   :mozilla.59:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.60:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.61:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.66:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.74:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.91:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.107:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.109:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.110:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.117:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.118:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.119:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.120:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.121:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.124:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.125:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.126:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.127:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.128:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.129:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.142:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.143:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.144:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.151:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.152:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.153:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.154:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.155:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.156:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.157:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.158:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.159:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.160:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.161:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.162:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.163:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.164:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.165:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.166:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.167:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.168:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.169:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.170:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.171:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.172:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.173:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.174:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.175:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.176:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.177:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.184:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.185:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.186:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.187:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.188:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.189:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.190:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.191:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.192:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.193:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.194:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.195:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.196:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.197:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.198:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.199:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.200:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.201:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.202:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.203:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.204:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.218:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
   :mozilla.219:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.220:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.221:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.222:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.223:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.224:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.225:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.235:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

9
Tech Clinic / adware going nuts...ad-aware unable to remove it all.
« on: April 24, 2006, 08:38:02 PM »
I did not have the following files.
C:\WINDOWS\tviyfbx.exe <-this file
C:\WINDOWS\svchost.exe <-this file

I stopped in the procedure at this step.

10
Tech Clinic / adware going nuts...ad-aware unable to remove it all.
« on: April 24, 2006, 07:32:54 PM »
Thanks for the quick reply. Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 8:31:26 PM, on 4/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\bcmntray.exe
C:\WINDOWS\tviyfbxA.exe
C:\WINDOWS\SYSC00.exe
C:\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\tviyfbx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Vinnie\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard13.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad13.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname13.exe
O4 - HKLM\..\Run: [tviyfbxA] C:\WINDOWS\tviyfbxA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\tviyfbx.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE




Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 4/24/2006 8:23:14 PM

Infected! C:\WINDOWS\system32\q0nu0a59ed.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019659.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019987.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020013.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020025.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020028.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020029.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020043.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020047.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020058.dll
Infected! C:\WINDOWS\SYSTEM32\ir04l5dq1.dll
Infected! C:\WINDOWS\SYSTEM32\mhvcp71.dll
Infected! C:\WINDOWS\SYSTEM32\mwiqtz32.dll
Infected! C:\WINDOWS\SYSTEM32\q0nu0a59ed.dll
Infected! C:\WINDOWS\System32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\q0nu0a59ed.dll
C:\WINDOWS\system32\q0nu0a59ed.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019659.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019659.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019987.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019987.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020013.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020013.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020025.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020025.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020028.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020028.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020029.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020029.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020043.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020043.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020047.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020047.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020058.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020058.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\ir04l5dq1.dll
C:\WINDOWS\SYSTEM32\ir04l5dq1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\mhvcp71.dll
C:\WINDOWS\SYSTEM32\mhvcp71.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\mwiqtz32.dll
C:\WINDOWS\SYSTEM32\mwiqtz32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\q0nu0a59ed.dll
C:\WINDOWS\SYSTEM32\q0nu0a59ed.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{80C24CE5-BD47-4A8B-84A0-57F2B525CD01}"
HKCR\Clsid\{80C24CE5-BD47-4A8B-84A0-57F2B525CD01}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{65F11CD9-DD1C-4DEB-900A-9CC1C859114F}"
HKCR\Clsid\{65F11CD9-DD1C-4DEB-900A-9CC1C859114F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AFD6F9D9-DA34-45B9-BBF0-6FF1F3DFD9F7}"
HKCR\Clsid\{AFD6F9D9-DA34-45B9-BBF0-6FF1F3DFD9F7}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B23C3B9A-C6FF-4FB3-ABE2-4785B49AEB3A}"
HKCR\Clsid\{B23C3B9A-C6FF-4FB3-ABE2-4785B49AEB3A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C48B6256-5F7A-49D2-8771-5E3D2F75CE7F}"
HKCR\Clsid\{C48B6256-5F7A-49D2-8771-5E3D2F75CE7F}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


thanks again.

11
Tech Clinic / adware going nuts...ad-aware unable to remove it all.
« on: April 24, 2006, 06:42:39 PM »
Hello,
I recently contracted adware/other baddies. Ad-aware has been unable to fix it. I do a deep scan, it finds a bunch of stuff, and removes most of it, but a few things it says it can't remove. Do I want to try and remove next time I reboot. So I reboot and it's still there. I've tried to manually remove, but it's in use. Some system32 .dlls. I've also tried to remove in safe mode command prompt. I've seen lots of ppl post the HJT log, so here it is. Any help is appreciated.
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 7:34:53 PM, on 4/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\WINDOWS\System32\bcmntray.exe
C:\WINDOWS\tviyfbxA.exe
C:\WINDOWS\SYSC00.exe
C:\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\tviyfbx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Vinnie\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard13.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad13.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname13.exe
O4 - HKLM\..\Run: [tviyfbxA] C:\WINDOWS\tviyfbxA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\q0nu0a59ed.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\tviyfbx.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
