Topic: adware going nuts...ad-aware unable to remove it all.

Offline rredmax

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
« on: April 24, 2006, 06:42:39 PM »
Hello,
I recently contracted adware/other baddies. Ad-aware has been unable to fix it. I do a deep scan, it finds a bunch of stuff, and removes most of it, but a few things it says it can't remove. Do I want to try and remove next time I reboot. So I reboot and it's still there. I've tried to manually remove, but it's in use. Some system32 .dlls. I've also tried to remove in safe mode command prompt. I've seen lots of ppl post the HJT log, so here it is. Any help is appreciated.
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 7:34:53 PM, on 4/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\WINDOWS\System32\bcmntray.exe
C:\WINDOWS\tviyfbxA.exe
C:\WINDOWS\SYSC00.exe
C:\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\tviyfbx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Vinnie\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard13.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad13.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname13.exe
O4 - HKLM\..\Run: [tviyfbxA] C:\WINDOWS\tviyfbxA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\q0nu0a59ed.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\tviyfbx.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #1 on: April 24, 2006, 07:02:53 PM »
Can you do the following please

Download the latest version of Look2Me-Remover.exe by Atribune
and save it to your desktop

* Close all windows before continuing.
* Double-click Look2Me-Remover.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Remover will close and re-open in 1 minute. Click OK.
* When Look2Me-Remover re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Remover will now shutdown your computer, click OK.
* Your computer will then shut down.
* After it has completed the shutdown, turn your computer back on.

Immediately come back here and Please post the contents of C:\Look2Me-Remover.txt and a new HiJackThis log.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline rredmax

« Reply #2 on: April 24, 2006, 07:32:54 PM »
thanks for the quick reply. here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 8:31:26 PM, on 4/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\bcmntray.exe
C:\WINDOWS\tviyfbxA.exe
C:\WINDOWS\SYSC00.exe
C:\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\tviyfbx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Vinnie\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard13.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad13.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname13.exe
O4 - HKLM\..\Run: [tviyfbxA] C:\WINDOWS\tviyfbxA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\tviyfbx.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE




Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 4/24/2006 8:23:14 PM

Infected! C:\WINDOWS\system32\q0nu0a59ed.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019659.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019987.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020013.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020025.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020028.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020029.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020043.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020047.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020058.dll
Infected! C:\WINDOWS\SYSTEM32\ir04l5dq1.dll
Infected! C:\WINDOWS\SYSTEM32\mhvcp71.dll
Infected! C:\WINDOWS\SYSTEM32\mwiqtz32.dll
Infected! C:\WINDOWS\SYSTEM32\q0nu0a59ed.dll
Infected! C:\WINDOWS\System32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\q0nu0a59ed.dll
C:\WINDOWS\system32\q0nu0a59ed.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019659.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019659.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019987.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019987.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020013.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020013.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020025.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020025.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020028.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020028.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020029.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020029.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020043.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020043.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020047.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020047.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020058.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020058.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\ir04l5dq1.dll
C:\WINDOWS\SYSTEM32\ir04l5dq1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\mhvcp71.dll
C:\WINDOWS\SYSTEM32\mhvcp71.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\mwiqtz32.dll
C:\WINDOWS\SYSTEM32\mwiqtz32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\q0nu0a59ed.dll
C:\WINDOWS\SYSTEM32\q0nu0a59ed.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{80C24CE5-BD47-4A8B-84A0-57F2B525CD01}"
HKCR\Clsid\{80C24CE5-BD47-4A8B-84A0-57F2B525CD01}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{65F11CD9-DD1C-4DEB-900A-9CC1C859114F}"
HKCR\Clsid\{65F11CD9-DD1C-4DEB-900A-9CC1C859114F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AFD6F9D9-DA34-45B9-BBF0-6FF1F3DFD9F7}"
HKCR\Clsid\{AFD6F9D9-DA34-45B9-BBF0-6FF1F3DFD9F7}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B23C3B9A-C6FF-4FB3-ABE2-4785B49AEB3A}"
HKCR\Clsid\{B23C3B9A-C6FF-4FB3-ABE2-4785B49AEB3A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C48B6256-5F7A-49D2-8771-5E3D2F75CE7F}"
HKCR\Clsid\{C48B6256-5F7A-49D2-8771-5E3D2F75CE7F}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


thanks again.

Offline guestolo

« Reply #3 on: April 24, 2006, 08:19:43 PM »
Still some work to do
but you got rid of a bad guy

Can you do the following please

Can you open "MyComputer"
Double click to open Local Disk C: drive
Right click an empty spot  and left click NEW>>Folder
A new folder will be placed in the C: folder , name it BFU
So you now have C:\BFU

Please download Brute Force Uninstaller
Reminder, choose SAVE rather than OPEN
Then Extract (UNZIP) the contents to the (C:\BFU) folder you just made
So you now have C:\Bfu\bfu.exe

RIGHT CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcanshorty.bfu.
Save it in the folder you made earlier (c:\BFU)
So you now have C:\Bfu\alcanshorty.bfu

==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" Uncheck
 "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work, you can take a look at the following link to help with
the updating
http://www.ewido.net/en/support/?AID=26

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!


RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode

Go to START>>RUN>>Type in exactly the following in bold and hit OK after each
sc stop "Windows Overlay Components"
Hit OK
Notice the spaces
Then
sc delete "Windows Overlay Components"
Hit OK

Continue with
sc stop NetDDEdsma
Hit OK
and
sc delete NetDDEdsma
Hit OK

Find and delete these files, in the exact location please
C:\WINDOWS\tviyfbx.exe <-this file
C:\WINDOWS\svchost.exe <-this file, DO NOT attempt to try and delete the legit svchost.exe that resides in the system32 folder!!

=Open the C:\BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to alcanshorty.bfu in the C:\BFU folder
Right click alcanshorty.bfu and choose Select
In Brute Force Uninstaller select Execute
Wait for the "complete script execution" box to pop up and press OK.
Press exit to terminate the BFU program.

==Open Ewido Anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted

Do a "System scan only" with Hijackthis and put a check next to these entries:
Not all may be found, but check what you see below

R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard13.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad13.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname13.exe
O4 - HKLM\..\Run: [tviyfbxA] C:\WINDOWS\tviyfbxA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode

Post back the following please
1. Post back a fresh hijackthis log
2. Post the whole report from Ewido you saved earlier

Could you also do the following
From below, download and save then UNZIP to your desktop
Find_it.bat
Double click on Find_It.bat
A dos window will open, scan quickly and then close
When it's done a folder will be placed on your desktop if it already doesn't exist
Called Files
Can you open the Files folder, inside will be a file called Look1.txt
Open the file and copy and paste back the whole contents please

If you can't post everything in one reply box, try more than one reply please

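Added example, not part of the original thread or of any tool named in it: a small Python triage pass over HijackThis log lines that flags the patterns this reply turns on (a core process name outside system32, as with C:\WINDOWS\svchost.exe; O23 services with "Unknown owner"; O20 Winlogon Notify DLLs; Run and service executables sitting directly in C:\WINDOWS). The rule names, the `CORE_NAMES` list and the function names are assumptions of this example, the sample lines are copied from the first log above, and a hit is a lead to verify by hand, not a verdict.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"
WINDIR = r"c:\windows"
# Assumed list of core XP process names that normally load only from system32.
CORE_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
              "smss.exe", "csrss.exe", "spoolsv.exe"}

O4_RUN = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[[^\]]+\] (?P<cmd>.+)$")
O20 = re.compile(r"^O20 - Winlogon Notify: .+? - (?P<path>[A-Za-z]:\\.+)$")
O23 = re.compile(r"^O23 - Service: .+? - (?P<owner>.+?) - "
                 r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE = r'''
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard13.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\q0nu0a59ed.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\tviyfbx.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
'''


def exe_of(cmd):
    """Best-effort executable path from a Run command line (quoted or bare)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r".+?\.exe\b", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd


def in_dir(path, directory):
    """Case-insensitive check that a file sits directly in `directory`."""
    return ntpath.dirname(path).lower() == directory


def masquerades(path):
    """True when a core process name is used by a file outside system32."""
    return ntpath.basename(path).lower() in CORE_NAMES and not in_dir(path, SYSTEM32)


def triage(log_text):
    """Return [(line, [reasons])] for every log line that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        svc, notify, run = O23.match(line), O20.match(line), O4_RUN.match(line)
        if svc:
            if svc["owner"] == "Unknown owner":
                reasons.append("unknown-owner-service")
            if svc["missing"]:
                reasons.append("file-missing")
            if masquerades(svc["path"]):
                reasons.append("masquerade")
            if in_dir(svc["path"], WINDIR):
                reasons.append("loose-in-windir")
        elif notify:
            # Any DLL registered here is loaded by winlogon at logon; review it.
            reasons.append("winlogon-notify")
        elif run:
            if in_dir(exe_of(run["cmd"]), WINDIR):
                reasons.append("loose-in-windir")
        elif PROCESS.match(line) and masquerades(line):
            reasons.append("masquerade")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE):
        print(f"{', '.join(reasons):55} {line}")
```

Entries that trip a single rule, such as the WLTRYSVC service, still need a manual check of the vendor and file before anything is removed.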


Offline rredmax

« Reply #4 on: April 24, 2006, 08:38:02 PM »
I did not have the following files.
C:\WINDOWS\tviyfbx.exe <-this file
C:\WINDOWS\svchost.exe <-this file

I stopped in the procedure at this step.

Offline guestolo

« Reply #5 on: April 24, 2006, 08:59:04 PM »
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.
Then look for the files

Carry on with the instructions
Post back all the info later
Let me know what you couldn't accomplish afterwards
« Last Edit: April 24, 2006, 09:00:17 PM by guestolo »



Offline rredmax

« Reply #6 on: April 24, 2006, 10:12:17 PM »
Logfile of HijackThis v1.99.1
Scan saved at 11:00:32 PM, on 4/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\bcmntray.exe
C:\Zone Labs\ZoneAlarm\zlclient.exe
C:\AIM\aim.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\spoolsv.exe
C:\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Vinnie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray
O4 - HKLM\..\Run: [Zone Labs Client] C:\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE





---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         10:51:59 PM, 4/24/2006
 + Report-Checksum:      AE18CAD2

 + Scan result:

   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
   HKU\.DEFAULT\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
   HKU\.DEFAULT\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
   HKU\S-1-5-18\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
   HKU\S-1-5-18\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
   C:\bintheredunthat\tviyfbx.exe -> Hijacker.VB.ij : Cleaned with backup
   C:\bintheredunthat\tviyfbxA.exe -> Hijacker.VB.ij : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\drsmartload[1].exe -> Downloader.VB.abm : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\newname13[1].exe -> Downloader.VB.aaf : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ENIDAH4R\keyboard13[1].exe -> Downloader.VB.abj : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ENIDAH4R\mousepad13[1].exe -> Hijacker.VB.mo : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\visfx500[1].exe -> Dropper.Agent.aie : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.27:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.50:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.53:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.54:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.55:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
   :mozilla.59:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.60:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.61:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.66:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.74:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.91:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.107:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.109:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.110:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.117:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.118:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.119:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.120:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.121:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.124:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.125:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.126:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.127:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.128:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.129:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.142:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.143:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.144:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.151:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.152:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.153:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.154:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.155:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.156:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.157:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.158:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.159:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.160:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.161:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.162:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.163:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.164:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.165:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.166:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.167:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.168:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.169:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.170:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.171:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.172:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.173:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.174:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.175:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.176:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.177:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.184:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.185:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.186:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.187:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.188:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.189:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.190:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.191:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.192:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.193:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.194:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.195:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.196:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.197:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.198:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.199:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.200:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.201:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.202:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.203:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.204:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.218:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
   :mozilla.219:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.220:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.221:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.222:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.223:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.224:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.225:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.235:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.236:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.237:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.238:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.239:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.240:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.241:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.242:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.243:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.244:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.245:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.246:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.247:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.249:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.250:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.251:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
   :mozilla.252:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
   :mozilla.257:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.258:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.293:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
   :mozilla.294:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
   :mozilla.295:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

Offline guestolo

« Reply #7 on: April 24, 2006, 10:13:40 PM »
Can you post the rest of the Ewido log, please?
I should have had you clear your cookies before running it, from the looks of it.

Don't post anything from the Ewido log that is related to cookies, e.g.:
 :mozilla.31:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

But post everything below it and the additional info I asked for.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline rredmax

« Reply #8 on: April 24, 2006, 10:20:56 PM »
continued....

   :mozilla.922:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.929:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.930:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
   :mozilla.931:C:\Documents and Settings\Vinnie\Application Data\Mozilla\Firefox\Profiles\weein9va.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Vinnie\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Vinnie\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Vinnie\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup
   C:\Documents and Settings\Vinnie\Cookies\vinnie@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
   C:\Documents and Settings\Vinnie\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup
   C:\Documents and Settings\Vinnie\Cookies\vinnie@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019462.exe -> Adware.Enbrow : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019466.exe -> Downloader.VB.tw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019467.exe -> Downloader.VB.tw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019468.exe -> Adware.Enbrow : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0019469.dll -> Adware.SurfSide : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020040.exe -> Downloader.VB.aaf : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020066.exe -> Downloader.VB.abj : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020067.exe -> Downloader.VB.aaf : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020068.exe -> Hijacker.VB.mo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020072.exe -> Adware.AdURL : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020073.dll -> Adware.Look2Me : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0020074.dll -> Adware.Look2Me : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0020118.dll -> Hijacker.Small.jf : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0020120.exe -> Trojan.VB.tg : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0020122.exe -> Downloader.VB.abm : Cleaned with backup
   C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
   C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
   C:\WINDOWS\SYSTEM32\CGYPTNET.DLL -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\SYSTEM32\SADLL.DLL -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\SYSTEM32\TDPIUI.DLL -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
   C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup


::Report End


side note. i did have view hidden files and view os files

thanks.

doesn't exist HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rdriv
doesn't exist HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rdriv
-----------------------
-----------------------
REGEDIT4
-----------------------
-----------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Messenger"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
  4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000004


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Start"=dword:00000004


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
  00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
  00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
  5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
  5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000364
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
  50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:37,82,85,e3,ef,36,6c,be,c6,c6,f6,72,ff,46,e9,8b,34,65,33,38,63,\
  65,32,32,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,34,ca,06,00,45,9d,\
  bf,71,04,00,00,00,10,00,00,00,00,00,00,00,dd,e2,57,b1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:08,0f,36,1c,01,85,a3,f6,d6

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:f1,ad,0d,02,4e,c0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:49,b8,0b,17,f3,ee,1b,e7,99,4e,05,ed,41,de,fc,d7

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:10,56,4e,9e,bb,37,c4,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,68,93,82,7d,4f,c2,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,90,34,d6,42,4f,c2,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,68,93,82,7d,4f,c2,01
"Type"=dword:00000031


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Messenger"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
  4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000004


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Start"=dword:00000004


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
  00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
  00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
  5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
  5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000364
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
  50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:37,82,85,e3,ef,36,6c,be,c6,c6,f6,72,ff,46,e9,8b,34,65,33,38,63,\
  65,32,32,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,34,ca,06,00,45,9d,\
  bf,71,04,00,00,00,10,00,00,00,00,00,00,00,dd,e2,57,b1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:08,0f,36,1c,01,85,a3,f6,d6

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:f1,ad,0d,02,4e,c0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:49,b8,0b,17,f3,ee,1b,e7,99,4e,05,ed,41,de,fc,d7

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:10,56,4e,9e,bb,37,c4,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,68,93,82,7d,4f,c2,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,90,34,d6,42,4f,c2,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,68,93,82,7d,4f,c2,01
"Type"=dword:00000031


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000
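An added example, not part of the thread or of Find_It.bat: a small Python reader for REGEDIT4 exports like the one above that decodes `dword`, `hex(2)` and `hex(7)` values and reports settings that weaken the machine's defences. The embedded sample is an excerpt of the export above; the rule set and the function names are this example's own assumptions.

```python
import re

# Excerpt of the REGEDIT4 export above; hex values continue on lines ending ",\".
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"forceguest"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000
'''

# Rules picked for this example: (key regex, value-name regex, flagged dword, meaning).
RULES = [
    (r"\\Microsoft\\Security Center$", r"\w+(DisableNotify|Override)$", 1,
     "Security Center alert or status check suppressed"),
    (r"\\Policies\\Microsoft\\WindowsFirewall\\(Domain|Standard)Profile$",
     r"EnableFirewall$", 0, "Windows Firewall turned off by policy"),
    (r"\\Policies\\Microsoft\\Windows\\WindowsUpdate$", r"DoNotAllowXPSP2$", 1,
     "delivery of XP SP2 through Windows Update blocked"),
]


def decode(raw):
    """Convert the text after '=' into an int, str, list of str, or bytes."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])   # undo \\ and \" escapes
    m = re.match(r"hex(?:\((\w+)\))?:(.*)", raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(2)))
    if m.group(1) == "2":      # REG_EXPAND_SZ, single-byte text in REGEDIT4
        return data.rstrip(b"\0").decode("cp1252", "replace")
    if m.group(1) == "7":      # REG_MULTI_SZ, NUL-separated strings
        return [s for s in data.decode("cp1252", "replace").split("\0") if s]
    return data                # plain REG_BINARY or another typed blob


def parse_reg(text):
    """Parse .reg text into {key path: {value name: decoded value}}."""
    text = re.sub(r",\\\r?\n\s*", ",", text)        # splice continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:
                current[m.group(1)] = decode(m.group(2))
    return keys


def audit(keys):
    """Return (key, value name, meaning) for every value that matches a rule."""
    findings = []
    for key, values in keys.items():
        for key_re, name_re, flagged, meaning in RULES:
            if not re.search(key_re, key, re.I):
                continue
            for name, value in values.items():
                if (re.match(name_re, name, re.I)
                        and isinstance(value, int) and value == flagged):
                    findings.append((key, name, meaning))
    return findings


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE)
    print(parsed[r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"])
    for key, name, meaning in audit(parsed):
        print(f"{name}: {meaning}\n    {key}")
```

Running the same audit on an export taken after a repair shows whether the flagged values were reset or removed.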



Offline rredmax

« Reply #9 on: April 25, 2006, 09:35:52 PM »
updated.....

thanks

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #10 on: April 25, 2006, 09:46:29 PM »
Sorry for the delay redmaxx
I just have to step out for a bit, I'll be back for continuing support

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline rredmax

« Reply #11 on: April 25, 2006, 09:51:05 PM »
no problem.
thank you very much for your support. things are already much better. i appreciate it.

Offline guestolo

« Reply #12 on: April 25, 2006, 11:45:22 PM »
==Download and install Windows CleanUp! 4.5.1
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer

Can you do the following
From the bottom of this reply box, download and choose SAVE to disk
Fix.zip
Then extract (Unzip) the contents to desktop so you now have Fix.reg on desktop
Double click on Fix.reg and allow to add/merge to the registry

Afterwards
Open Hijackthis
Open Misc tools section
Open Delete file on Reboot
In the file name field, copy and paste the whole bold line below then click the OPEN button

C:\WINDOWS\svchost.exe

If the file is found, Hijackthis should prompt to reboot the computer
Do so!

Regardless whether the file is found or not
Reboot the computer anyways

Back in Windows
Post a fresh hijackthis log

Also
Delete look1.txt in the Files folder
Then double click to run Find_It.bat again and post the new contents of look1.txt



Offline rredmax

« Reply #13 on: April 26, 2006, 03:34:20 PM »
Logfile of HijackThis v1.99.1
Scan saved at 4:32:51 PM, on 4/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\bcmntray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Zone Labs\ZoneAlarm\zlclient.exe
C:\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Vinnie\Desktop\HijackThis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray
O4 - HKLM\..\Run: [Zone Labs Client] C:\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE




doesn't exist HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rdriv
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Messenger"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
  4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000002


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Start"=dword:00000003


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
  00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
  00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
  5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
  5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000348
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
  50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:37,82,85,e3,ef,36,6c,be,c6,c6,f6,72,ff,46,e9,8b,34,65,33,38,63,\
  65,32,32,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,34,ca,06,00,45,9d,\
  bf,71,04,00,00,00,10,00,00,00,00,00,00,00,dd,e2,57,b1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:08,0f,36,1c,01,85,a3,f6,d6

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:f1,ad,0d,02,4e,c0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:49,b8,0b,17,f3,ee,1b,e7,99,4e,05,ed,41,de,fc,d7

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:10,56,4e,9e,bb,37,c4,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,68,93,82,7d,4f,c2,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,90,34,d6,42,4f,c2,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,68,93,82,7d,4f,c2,01
"Type"=dword:00000031


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
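An added example, not part of the thread: the fresh log above no longer lists `C:\WINDOWS\svchost.exe`, the file queued for deletion in Reply #12, and this Python check shows why that entry stands out, since the genuine `svchost.exe` runs from `System32`. The list of System32-only names and the function names are assumptions of the example; both samples are excerpts of the thread's logs.

```python
import ntpath
import re

# Windows XP system images that load from %SystemRoot%\System32.
# This name list is an assumption of the example, not taken from the thread.
SYSTEM32_ONLY = {"csrss.exe", "lsass.exe", "services.exe", "smss.exe",
                 "spoolsv.exe", "svchost.exe", "winlogon.exe"}

# Excerpts of the first log in this thread (BEFORE) and of the log above (AFTER).
BEFORE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
"""
AFTER = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""


def image_paths(log_text):
    """Collect executable paths from 'Running processes' and O23 service lines."""
    paths, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
        elif re.match(r"[A-Z]\d+ - ", line):       # numbered entries: R0, O4, O23 ...
            in_procs = False
            if line.startswith("O23 - Service:"):
                path = line.rsplit(" - ", 1)[-1]   # the path is the last field
                paths.append(re.sub(r"\s*\(file missing\)$", "", path))
        elif in_procs and line:
            paths.append(line)
    return paths


def masquerading(paths, system_root=r"C:\WINDOWS"):
    """Return paths whose file name is a System32-only image stored elsewhere."""
    expected = ntpath.normcase(ntpath.join(system_root, "System32"))
    hits = []
    for path in paths:
        folder, name = ntpath.split(path)
        if name.lower() in SYSTEM32_ONLY and ntpath.normcase(folder) != expected:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, masquerading(image_paths(log)))
```

The comparison is case-insensitive because the log itself mixes `System32`, `system32` and `SYSTEM32` for the same folder.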



Offline guestolo

« Reply #14 on: April 26, 2006, 06:23:28 PM »
Can you let me know how everything's running please
Then we'll just do a bit of final cleanup to help ensure your computer stays safe



Offline rredmax

« Reply #15 on: April 26, 2006, 07:34:01 PM »
things seem to be running fine now. i truly appreciate all your help.
i think i got all this trouble from one of those IM viruses, where someone who has the virus sends out IM's to everyone on his list with a file or link. stupidly i clicked on it.

if you have any other tips for keeping my computer safe, i am open to them.
thanks again,
rredmax

Offline guestolo

« Reply #16 on: April 26, 2006, 07:55:18 PM »
Final Cleanup
We should flush all your restore points to ensure you don't restore any nasties that may be sitting idle
    Go to START>>RUN>>In the open field
    Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point

Protect yourself against Future Attacks
*Install  SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
                   
*Make sure your Anti-Virus software is always kept up to date and actively running in the background

*Check for updates with your anti-spyware programs and run a scan on a regular basis
A great addition to Ad-Aware and also free
Is Spybot 1.4,
Can be downloaded from
HERE
 or HERE
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Please Immunize after every update

To run a scan
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED
RESTART the computer to finish the cleaning if Red entries were fixed

*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission

+ I would opt to hold onto Ewido
Ewido will become a Limited free version in a couple weeks, but it's still a great scanner to update and run on a monthly basis

*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
Service Pack 2 has been out for some time now, and you're still not updated
I would take a look at the following link
http://www.microsoft.com/windowsxp/sp2/default.mspx
Take note on that page of the following
   What to know before you download and install
Before updating, you may want to take the opportunity to do a Disk Defragment on your computer
If it hasn't been done in some time!

After you have SP2 installed and there are no other High Priority updates
If you have Microsoft Office installed
 Make sure you keep up on security updates
You will find a link at Windows Updates named "Office Family"

Stay safe :D
