« previous next »
Pages: [1]

Author Topic: Win XP DNS Problem  (Read 925 times)

Offline steveh

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Win XP DNS Problem
« on: April 28, 2007, 07:25:56 AM »
I have 2 machines networked to a billion ADSL router. Have been working fine but on one machine I had virus troubles, so installed McAfee package,  This fixed the virus, but on that machine I have lost my network. I have de installed McAfee, restarted etc - still no network.  Here are some details.

One of my machines is working fine, this verifies the router is OK, including its DHCP and DNS services.

On the bad machine I cannot get an IP address with DHCP. This is different to before, as I was using DHCP successfully before.  Therefore, I have configured TCPIP manually.  IPCONFIG command shows that IP, Netmask, Gateway look fine. I can ping the router OK with the manual IP setup. I can ping remote IP addresses too.

However NSLOOKUP suggests that my DNS is not functioning right. NSLOOKUP returns my router as the server (same as on good computer). However when I give it a name to lookup I get the 'NO RESPONSE FROM SERVER' ERROR and the DNS fails.

It looks like something is blocking my DHCP and DNS requests. As far as I can tell I dont have any firewalling running.

Appreciate any suggestions on what to do next.

Steve
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Win XP DNS Problem
« Reply #1 on: April 28, 2007, 09:45:44 AM »
There could be leftovers causing loss of connection
I need to check out a Hijackthis log

Can you do the following
Download Hijackthis 1.99.1 from my signature below
Transfer this too the desktop of the computer with no connection with floppy, thumbdrive, cdrw, etc....

Double click on hijackthis_sfx.exe on desktop
Click the UNZIP button>>OK the prompt
This will self extract to C:\Program Files\HijackThis
Delete hijackthis_sfx.exe from desktop

Go to START>>RUN
Copy>>paste the following to the open field, then hit OK
%systemdrive%\Program Files\HijackThis
This will open the Hijackthis folder
RIGHT CLICK on Hijackthis.exe and select SEND TO>>Desktop (create shortcut)
You can now run Hijackthis.exe from the new shortcut placed on your desktop

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log  here
Again, you will have to transfer that log back to the computer with connection
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline steveh

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Win XP DNS Problem
« Reply #2 on: April 28, 2007, 07:03:30 PM »
Guestolo,

Here is the logfile from hijackthis, as requested.
Additional info for you.. When I had the virus, the machine
was crashing immediately after login in normal mode.  When
booted in safe mode, it worked OK, and I did have internet.

After installing McAfee package in safe mode and running it, I removed
some trojans and the machine booted again in normal mode.
However I had lost internet, I think maybe due to McAfee firewall?
I think the firewall is now disabled, but sadly my DNS is still
not functioning.

thnx for your interest.

steveh


Logfile of HijackThis v1.99.1
Scan saved at 9:43:15 AM, on 29/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] G:\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\gfscirfqois.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DB506DE-3A99-4419-AF9D-174AE1867EFF}: NameServer = 192.168.1.254
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - G:\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

Thanks for your help

steveh

------------------------------------------------------------------------------------------------

[quote name=\'guestolo\' post=\'320038\' date=\'Apr 29 2007, 12:45 AM\']There could be leftovers causing loss of connection
I need to check out a Hijackthis log

Can you do the following
Download Hijackthis 1.99.1 from my signature below
Transfer this too the desktop of the computer with no connection with floppy, thumbdrive, cdrw, etc....

Double click on hijackthis_sfx.exe on desktop
Click the UNZIP button>>OK the prompt
This will self extract to C:\Program Files\HijackThis
Delete hijackthis_sfx.exe from desktop

Go to START>>RUN
Copy>>paste the following to the open field, then hit OK
%systemdrive%\Program Files\HijackThis
This will open the Hijackthis folder
RIGHT CLICK on Hijackthis.exe and select SEND TO>>Desktop (create shortcut)
You can now run Hijackthis.exe from the new shortcut placed on your desktop

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log  here
Again, you will have to transfer that log back to the computer with connection[/quote]
Logged

Offline steveh

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Win XP DNS Problem
« Reply #3 on: April 28, 2007, 07:26:51 PM »
Hello Guestolo

Just noticed Item in the Hijackthis log:


O10 - Broken Internet access because of LSP provider 'c:\windows\system32\gfscirfqois.dll' missing

This is the dll which Mcaffee identified as a trojan, and instructed me to remove. (I needed to
download UNLOCKER to delete it. ) Is this something to do with my problem..?

Steve
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Win XP DNS Problem
« Reply #4 on: April 28, 2007, 10:09:47 PM »
I wanted to see a hijackthis log taken from Normal windows, not from safe mode
That's ok for now
I'm just on my way out the door, in the meantime

Can you do the following please
Again, can we transfer a tool needed
Download [color=\"red\"]SDFix[/color] and save>>>Transfer this too the desktop of the computer offline

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Navigate to the SDFix folder>>START>>MyComputer>>Local Disk C:>>SDFix folder

Reboot your computer into safe mode please
Sign in with your normal account

SDFix
Go to START>>My Computer>>Double click to open the C:\ folder
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
I'll need to see that report later

If you are still not online after running this fix
Can you do the following
Open a command window with all other windows closed
START>>RUN>>type in cmd
Hit OK
At the command window type in the following Exactly as posted in bold below

netsh winsock reset catalog

Hit Enter, at the prompt restart your computer

If that get's you back online

Can you post back all the following please

1. Post a fresh hijackthis log taken from Normal windows
2. Post the report from SDFix
3. Could you also, Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from combofix please
« Last Edit: April 28, 2007, 10:10:20 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline steveh

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Win XP DNS Problem
« Reply #5 on: April 30, 2007, 05:26:34 AM »
Good News Questolo!

The short answer is that your advice has restored my inernet comms! Aleluliah!

Now some additional info as you requested. I have performed the steps as advised. Heres what happened.

I first ran the SDFIX in safe mode.  This didnt itself fix the connection. However when I did the
winsock command my connection was fixed!

I have run the combifix and a fresh hijackthis (normal boot mode).  I just realised I did the combifix before the
fresh hijackthis.  Hope this is OK.

I am including the log files from the 3 procedures at the end of the post.

If you have time I'd appreciate a very brief comment on what was wrong - However appreciate you
are pretty busy so dont worry if you dont have time.

Thanks very much for your professional advice. Much appreciated.

Steve

1. LOG FILE FROM SDFIX
==================


SDFix: Version 1.81

Run by Steve Hearn - Mon 30/04/2007 - 18:42:14.67

Microsoft Windows XP [Version 5.1.2600]
Service Pack 2

Running From: C:\PROGRA~1\SDFix

Safe Mode:
Checking Services:

Name:
ntldr.sys
wincom32

ImagePath:
\??\C:\ntldr.sys
\??\C:\WINDOWS\system32\wincom32.sys

ntldr.sys - Deleted
wincom32 - Deleted


ndis.sys Infected!

Patched File copied to Backups Folder
Attempting to replace ndis.sys with original version...

Original ndis.sys Restored


Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\CP1041.NLS - Deleted
C:\WINDOWS\system32\cent.exe.exe - Deleted
C:\Program Files\Setup.exe - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\wincom32.ini - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



                                 Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\iTunes.exe"="G:\\iTunes.exe:*:Enabled:iTunes"
"G:\\ipod\\iTunes.exe"="G:\\ipod\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Documents and Settings\\Kato\\Desktop\\d3.exe"="C:\\Documents and Settings\\Kato\\Desktop\\d3.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\spoolsvv.exe"="C:\\WINDOWS\\system32\\spoolsvv.exe:*:Enabled:enable"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:Explorer"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\PROGRA~1\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\Replay Converter\cygz.dll

                                 Finished


2. LOG FILE FROM COMBOFIX
=====================
"Steve Hearn" - 07-04-30 19:52:30    Service Pack 2  
ComboFix 07-04-25.4V - Running from: "I:\steveh\"


(((((((((((((((((((((((((((((((   Files Created from 2007-03-28 to 2007-04-30  ))))))))))))))))))))))))))))))))))


2007-04-30 18:36   <DIR>   d--------   C:\Program Files\SDFix
2007-04-25 13:58   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\SiteAdvisor
2007-04-25 13:42   <DIR>   d--------   C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-04-25 12:58   <DIR>   d--------   C:\Program Files\SiteAdvisor
2007-04-25 12:58   <DIR>   d--------   C:\DOCUME~1\STEVEH~1\APPLIC~1\SiteAdvisor
2007-04-25 12:58   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-04-25 12:57   71,496   --a------   C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-04-25 12:57   37,480   --a------   C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-04-25 12:57   34,184   --a------   C:\WINDOWS\system32\drivers\mfebopk.sys
2007-04-25 12:57   32,008   --a------   C:\WINDOWS\system32\drivers\mferkdk.sys
2007-04-25 12:57   170,408   --a------   C:\WINDOWS\system32\drivers\mfehidk.sys
2007-04-25 12:57   109,608   --a------   C:\WINDOWS\system32\drivers\Mpfp.sys
2007-04-25 12:57   <DIR>   d--------   C:\Program Files\McAfee.com
2007-04-25 12:57   <DIR>   d--------   C:\Program Files\McAfee
2007-04-25 12:57   <DIR>   d--------   C:\Program Files\Common Files\McAfee
2007-04-25 11:35   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-04-25 10:44   786,432   --ah-----   C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-24 23:24   262,144   --a------   C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-18 18:24   91,476   --a------   C:\WINDOWS\system32\cent.exe
2007-04-17 22:09   <DIR>   d--------   C:\DOCUME~1\KATOWO~1\APPLIC~1\MySpace
2007-04-09 18:47   <DIR>   d--------   C:\DOCUME~1\STEVEH~1\APPLIC~1\MySpace
2007-04-09 12:58   <DIR>   d--------   C:\Program Files\MySpace
2007-04-03 19:55   5,315   --a------   C:\WINDOWS\system32\drivers\CVirtA.sys


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-30 19:47   --------   d--------   C:\Program Files\lg_fwupdate
2007-04-25 14:28   104168   --a------   C:\WINDOWS\hpoins04.dat
2007-04-24 13:14   --------   d--------   C:\Program Files\msn messenger
2007-04-24 09:31   --------   d--------   C:\Program Files\messenger plus! live
2007-04-09 16:08   7168   --ahs----   C:\Program Files\thumbs.db
2007-04-03 19:55   --------   d--h-----   C:\Program Files\installshield installation information
2007-04-03 19:53   81   --a------   C:\Program Files\null
2007-03-25 03:00   --------   d--------   C:\Program Files\msxml 4.0
2007-03-23 19:48   --------   d--------   C:\Program Files\hp
2007-03-23 19:42   --------   d--------   C:\Program Files\hewlett-packard
2007-03-22 22:41   --------   d--------   C:\Program Files\guitar chords library 5.8 trial
2007-03-17 23:43   292864   --a------   C:\WINDOWS\system32\winsrv.dll
2007-03-09 01:36   577536   --a------   C:\WINDOWS\system32\user32.dll
2007-03-09 01:36   40960   --a------   C:\WINDOWS\system32\mf3216.dll
2007-03-09 01:36   281600   --a------   C:\WINDOWS\system32\gdi32.dll
2007-03-08 23:47   1843584   --a------   C:\WINDOWS\system32\win32k.sys
2007-02-11 21:23   501   --a------   C:\WINDOWS\ereg.dat
2007-02-06 06:17   185344   --a------   C:\WINDOWS\system32\upnphost.dll
2007-01-08 16:19   678   --a------   C:\Program Files\griffith remote access (vlink).pcf


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}   C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}   C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{089FD14D-132B-48FC-8861-0048AE113215}   C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}   C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}   c:\program files\mcafee\virusscan\scriptcl.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LGODDFU"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\" blrun"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="G:\\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"PowerBar"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages   REG_MULTI_SZ      msv1_0
   Security Packages   REG_MULTI_SZ      kerberosmsv1_0schannelwdigest
   Notification Packages   REG_MULTI_SZ      scecli

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=dword:00000002
"MpfService"=dword:00000002
"McSysmon"=dword:00000002
"McRedirector"=dword:00000002
"mcpromgr"=dword:00000002
"McODS"=dword:00000002
"McNASvc"=dword:00000002
"mcmscsvc"=dword:00000002
"mcmispupdmgr"=dword:00000003
"McAfee HackerWatch Service"=dword:00000002
"Emproxy"=dword:00000003
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter   REG_MULTI_SZ      HTTPFilter
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
DcomLaunch   REG_MULTI_SZ      DcomLaunchTermService
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService
bthsvcs   REG_MULTI_SZ      BthServ



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WebReg 20070425142815.job
C:\WINDOWS\tasks\WebReg 20070428143347.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-30 19:54:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-30 19:54:05
C:\ComboFix-quarantined-files.txt ... 07-04-30 19:54


3. LOGFILE FROM FRESH HIJACKTHIS IN NORMAL MODE
========================================

"Steve Hearn" - 07-04-30 19:52:30    Service Pack 2  
ComboFix 07-04-25.4V - Running from: "I:\steveh\"


(((((((((((((((((((((((((((((((   Files Created from 2007-03-28 to 2007-04-30  ))))))))))))))))))))))))))))))))))


2007-04-30 18:36   <DIR>   d--------   C:\Program Files\SDFix
2007-04-25 13:58   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\SiteAdvisor
2007-04-25 13:42   <DIR>   d--------   C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-04-25 12:58   <DIR>   d--------   C:\Program Files\SiteAdvisor
2007-04-25 12:58   <DIR>   d--------   C:\DOCUME~1\STEVEH~1\APPLIC~1\SiteAdvisor
2007-04-25 12:58   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-04-25 12:57   71,496   --a------   C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-04-25 12:57   37,480   --a------   C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-04-25 12:57   34,184   --a------   C:\WINDOWS\system32\drivers\mfebopk.sys
2007-04-25 12:57   32,008   --a------   C:\WINDOWS\system32\drivers\mferkdk.sys
2007-04-25 12:57   170,408   --a------   C:\WINDOWS\system32\drivers\mfehidk.sys
2007-04-25 12:57   109,608   --a------   C:\WINDOWS\system32\drivers\Mpfp.sys
2007-04-25 12:57   <DIR>   d--------   C:\Program Files\McAfee.com
2007-04-25 12:57   <DIR>   d--------   C:\Program Files\McAfee
2007-04-25 12:57   <DIR>   d--------   C:\Program Files\Common Files\McAfee
2007-04-25 11:35   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-04-25 10:44   786,432   --ah-----   C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-24 23:24   262,144   --a------   C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-18 18:24   91,476   --a------   C:\WINDOWS\system32\cent.exe
2007-04-17 22:09   <DIR>   d--------   C:\DOCUME~1\KATOWO~1\APPLIC~1\MySpace
2007-04-09 18:47   <DIR>   d--------   C:\DOCUME~1\STEVEH~1\APPLIC~1\MySpace
2007-04-09 12:58   <DIR>   d--------   C:\Program Files\MySpace
2007-04-03 19:55   5,315   --a------   C:\WINDOWS\system32\drivers\CVirtA.sys


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-30 19:47   --------   d--------   C:\Program Files\lg_fwupdate
2007-04-25 14:28   104168   --a------   C:\WINDOWS\hpoins04.dat
2007-04-24 13:14   --------   d--------   C:\Program Files\msn messenger
2007-04-24 09:31   --------   d--------   C:\Program Files\messenger plus! live
2007-04-09 16:08   7168   --ahs----   C:\Program Files\thumbs.db
2007-04-03 19:55   --------   d--h-----   C:\Program Files\installshield installation information
2007-04-03 19:53   81   --a------   C:\Program Files\null
2007-03-25 03:00   --------   d--------   C:\Program Files\msxml 4.0
2007-03-23 19:48   --------   d--------   C:\Program Files\hp
2007-03-23 19:42   --------   d--------   C:\Program Files\hewlett-packard
2007-03-22 22:41   --------   d--------   C:\Program Files\guitar chords library 5.8 trial
2007-03-17 23:43   292864   --a------   C:\WINDOWS\system32\winsrv.dll
2007-03-09 01:36   577536   --a------   C:\WINDOWS\system32\user32.dll
2007-03-09 01:36   40960   --a------   C:\WINDOWS\system32\mf3216.dll
2007-03-09 01:36   281600   --a------   C:\WINDOWS\system32\gdi32.dll
2007-03-08 23:47   1843584   --a------   C:\WINDOWS\system32\win32k.sys
2007-02-11 21:23   501   --a------   C:\WINDOWS\ereg.dat
2007-02-06 06:17   185344   --a------   C:\WINDOWS\system32\upnphost.dll
2007-01-08 16:19   678   --a------   C:\Program Files\griffith remote access (vlink).pcf


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}   C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}   C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{089FD14D-132B-48FC-8861-0048AE113215}   C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}   C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}   c:\program files\mcafee\virusscan\scriptcl.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LGODDFU"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\" blrun"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="G:\\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"PowerBar"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages   REG_MULTI_SZ      msv1_0
   Security Packages   REG_MULTI_SZ      kerberosmsv1_0schannelwdigest
   Notification Packages   REG_MULTI_SZ      scecli

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=dword:00000002
"MpfService"=dword:00000002
"McSysmon"=dword:00000002
"McRedirector"=dword:00000002
"mcpromgr"=dword:00000002
"McODS"=dword:00000002
"McNASvc"=dword:00000002
"mcmscsvc"=dword:00000002
"mcmispupdmgr"=dword:00000003
"McAfee HackerWatch Service"=dword:00000002
"Emproxy"=dword:00000003
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter   REG_MULTI_SZ      HTTPFilter
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
DcomLaunch   REG_MULTI_SZ      DcomLaunchTermService
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService
bthsvcs   REG_MULTI_SZ      BthServ



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WebReg 20070425142815.job
C:\WINDOWS\tasks\WebReg 20070428143347.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-30 19:54:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-30 19:54:05
C:\ComboFix-quarantined-files.txt ... 07-04-30 19:54
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Win XP DNS Problem
« Reply #6 on: April 30, 2007, 07:05:54 PM »
Glad to hear that you got back online, can you ensure that McAfee firewall is reenabled

You never posted a fresh hijackthis log, you posted the log from Combofix twice however  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />

Can you do the following please, before I see a new hijackthis log

==Download [color=\"#FF0000\"]AVG Anti-Spyware 7.5[/color] (Ewido)
  • Save the installer to desktop
  • Double click the installer, select your language, and then select "OK"
  • Click NEXT>>>Select I Agree>>>NEXT>>>INSTALL
       
  • AVG will now install and afterwards click FINISH
       
  • AVG Anti-Spyware 7.5 should now Load
  • Click the Update tab at the top. Under Manual Update click Start update.
       
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top
       
  • Click the "Settings" tab and then change the recommended action under "How to Act" to Quarantine and ensure that "Automatically generate report after every scan" IS selected and
    "Only if Threats are found" IS NOT selected
CLOSE AVG-Antispyware for now, as we will need it later
An AVG icon will be placed in your system tray next to your clock, can you right on it and uncheck
"Resident Shield" , "Automatic updates" and "Start with Windows"

Reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Load AVG Anti-Spyware 7.5
  • Click on the Scanner tab at the top
       
  • Cick on Complete System Scan.
    This scan can take a while to run, let it run uninterrupted
     
  • When the scan is complete it will list any infections found on the left hand side.
  • Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
     
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file  (like on the Desktop).
I will need to see this log later

Restart the computer back to Normal windows

Post back All the following please

1. Post the whole report from Avg Anti-Spyware
2. Post a fresh hijackthis log
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline steveh

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Win XP DNS Problem
« Reply #7 on: May 01, 2007, 07:41:33 AM »
Hi again Questolo -

Sorry about posting wrong log last time - must be going a bit crazy!

Have installed /run the AVG spyware as per your instructions, and then reran the hijackthis.

Note that I have current;y got the Windows Firewall enabled, but not the McAfee Firewall.
Let me know if this is a problem.

Thmx again for your help.


Steve




Here are the 2 log files.
===============================================
AVG SPYWARE LOG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   10:16:26 PM 1/05/2007

 + Scan result:   



C:\Program Files\SDFix\backups_old1\backups.zip/backups/ndis.sys -> Not-A-Virus.SpamTool.Win32.Agent.u : Cleaned.
C:\System Volume Information\_restore{7D29D243-B9D7-4E6C-84AA-463A50C0BC06}\RP319\A0084596.sys -> Not-A-Virus.SpamTool.Win32.Agent.u : Cleaned.
C:\System Volume Information\_restore{7D29D243-B9D7-4E6C-84AA-463A50C0BC06}\RP319\A0084604.sys -> Not-A-Virus.SpamTool.Win32.Agent.u : Cleaned.
:mozilla.659:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.100:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.190:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.248:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.274:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.275:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.491:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.96:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.99:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.750:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.751:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.142:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.145:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.148:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.149:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.161:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.162:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.37:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.38:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.67:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.72:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.84:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.151:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.152:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.153:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.204:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.205:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.6:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.7:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.8:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.564:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.170:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.678:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.143:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h7erotxz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.439:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.127:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.128:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.129:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.130:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.132:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.197:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.198:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.199:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.134:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.139:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.141:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h7erotxz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h7erotxz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.304:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.339:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.180:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.181:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.182:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.490:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.636:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.776:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.777:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.791:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.495:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.555:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.597:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.176:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.177:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.699:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.700:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.701:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.200:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h7erotxz.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.15:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.314:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.315:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.316:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h7erotxz.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.511:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.472:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.473:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.474:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.475:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.613:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.614:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.279:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.280:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.281:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.282:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.283:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.44:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.45:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.57:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.58:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.59:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.60:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.62:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.63:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.64:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.65:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.66:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.397:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.398:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.399:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.400:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.401:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.402:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.72:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.73:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.74:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.75:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.76:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.77:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.351:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.352:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.353:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.354:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.450:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.451:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.452:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.453:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.656:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.657:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.658:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.417:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.418:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.419:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.420:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.421:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.422:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.423:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.95:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.135:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.136:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.137:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.138:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.140:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.624:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h7erotxz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.16:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.17:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.682:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.683:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.232:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.504:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.781:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.782:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.596:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.598:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.22:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.36:C:\Documents and Settings\KATO WORK\Application Data\Mozilla\Firefox\Profiles\wvkvy4oj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.392:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.393:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.394:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.395:C:\Documents and Settings\Steve Hearn\Application Data\Mozilla\Firefox\Profiles\6dmuzmek.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{7D29D243-B9D7-4E6C-84AA-463A50C0BC06}\RP312\A0039057.exe -> Worm.Zhelatin.da : Cleaned.
C:\System Volume Information\_restore{7D29D243-B9D7-4E6C-84AA-463A50C0BC06}\RP314\A0047059.exe -> Worm.Zhelatin.dc : Cleaned.


::Report end

================================================================

Then rebooted to normal mode and ran HIJACKTHIS


Logfile of HijackThis v1.99.1
Scan saved at 10:28:22 PM, on 1/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\QuickTime\qttask.exe
G:\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
G:\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] G:\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DB506DE-3A99-4419-AF9D-174AE1867EFF}: NameServer = 192.168.1.254
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - G:\bin\iPodService.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Win XP DNS Problem
« Reply #8 on: May 01, 2007, 08:54:53 AM »
I'm just on my way to work, in the meantime, can you do the following
Delete this file if found
C:\WINDOWS\system32\spoolsvv.exe <-this file, NOTICE the spelling, DO NOT delete spoolsv.exe as it is a needed file
take note of the extra "v" in the bad file

In addition, can you do the following
Can you go to either of these links
http://virusscan.jotti.org/
OR
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to the file on your harddrive
C:\Documents and Settings\Kato\Desktop\d3.exe <-this file

Right click on the file,  and choose Select>>or double click on it
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Do the same thing with the next one too
C:\WINDOWS\system32\cent.exe <-this file

Did you fully uninstall McAfee's?
It's not safe being online without proper AV protection
Do you need a free solution?
« Last Edit: May 01, 2007, 08:55:34 AM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline steveh

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Win XP DNS Problem
« Reply #9 on: May 03, 2007, 01:11:32 AM »
Hello Questolo

The 3 files that you asked me to examine (spoolsvv, d3, cent) do not appear
to be on the system.

The system appears to be reasonably stable at present.

To answer your other question re firewalls etc..
You are right- I had deinstalled Mcafee.

Currently I have:

AVG Anti-Virus
AVG Anti Spyware
Windows Firewall + I have now enabled the firewall on my ADSL router.

If you can recommend any other free/low-cost protection I would appreciate it.


Steve

------------------------------------


[quote name=\'guestolo\' post=\'321161\' date=\'May 1 2007, 11:54 PM\']I'm just on my way to work, in the meantime, can you do the following
Delete this file if found
C:\WINDOWS\system32\spoolsvv.exe <-this file, NOTICE the spelling, DO NOT delete spoolsv.exe as it is a needed file
take note of the extra "v" in the bad file

In addition, can you do the following
Can you go to either of these links
http://virusscan.jotti.org/
OR
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to the file on your harddrive
C:\Documents and Settings\Kato\Desktop\d3.exe <-this file

Right click on the file,  and choose Select>>or double click on it
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Do the same thing with the next one too
C:\WINDOWS\system32\cent.exe <-this file

Did you fully uninstall McAfee's?
It's not safe being online without proper AV protection
Do you need a free solution?[/quote]
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Win XP DNS Problem
« Reply #10 on: May 06, 2007, 09:14:45 AM »
Sorry for the delay, if you have recently installed AVG AntiVirus, it may have taken care of a couple files for you, that's why you can't find them

Can I see one last hijackthis log and then I'll just suggest some final recommendations
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline steveh

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Win XP DNS Problem
« Reply #11 on: May 11, 2007, 06:48:21 PM »
Hello again questolo

Sorry for delay in this - have been out of town for a while...

As you requested here is a current hijackthis log..

Appreciate any final recommendations etc ..

Thnx again for all your help

Steve
---------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:43:43 AM, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\QuickTime\qttask.exe
G:\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
G:\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] G:\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DB506DE-3A99-4419-AF9D-174AE1867EFF}: NameServer = 192.168.1.254
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - G:\bin\iPodService.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Win XP DNS Problem
« Reply #12 on: May 12, 2007, 12:20:06 PM »
Can you do the following
Go to Start -> Run -> type  regedit
Hit OK
DO EXACTLY as posted in the registry
In the Registry Editor, navigate to the following key (use the "+" symbols in the left panel to expand the tree entries):

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
Left click to HIGHLIGHT List on the left

In the right panel, locate the following:

C:\WINDOWS\Explorer.EXE

Right click on the above and select Modify. Change the Value Data from:
C:\WINDOWS\Explorer.EXE:*:Enabled:Explorer

To:
C:\WINDOWS\Explorer.EXE:*:Disabled:Explorer

Then Right click on each of the following
C:\Documents and Settings\Kato\Desktop\d3.exe
C:\WINDOWS\system32\spoolsvv.exe
Choose DELETE on the above 2
Exit the Registry Editor.

[color=\"blue\"]Your Java Runtime Environment is out of date.[/color] Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

[color=\"blue\"]Updating Java:[/color]
  • Download the latest version of   Java(tm) SE Runtime Environment 6 Update 1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement[/i]".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language  and save it to your desktop (13.16 MB).
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
Don't install the new version yet, instead
Do a "System scan only" with Hijackthis and put a check next to these entries:

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer
Install the latest version of Java

If everything is running ok
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name and click Create
When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let if finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning


I would add a bit more protection to this computer
Install
SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

Hope that helps, let me know how things are running and I'll lock this topic
« Last Edit: May 12, 2007, 12:23:16 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline steveh

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Win XP DNS Problem
« Reply #13 on: May 20, 2007, 07:07:43 AM »
Hello Guestolo


Did most of your recommendations - a couple of queries.

1. REGEDIT
------------
When I went through the regedit procedure as advised, the  modules you identified were not present.

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Kato\Desktop\d3.exe
C:\WINDOWS\system32\spoolsvv.exe

It is a while since you looked at my log so I guess things may have changed in the interim?


2. JAVA
--------

Did the Java upgrade no problems


3. SPYWAREBLASTER
-----------------------

Doing the install of spywareblaster I get the following.

c:\\windows\system32\MSINET.OCX

Error occurred trying to replace existing file.
Delete File failed code 5
Access Denied.

I aborted the install at that point.



Steve
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Win XP DNS Problem
« Reply #14 on: May 22, 2007, 07:44:10 PM »
Sorry for the delay
It's good you didn't find those entries in the registry

About SpywareBlaster
Please see this link
http://www.javacoolsoftware.info/kb/idx/14/049/article/
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Win XP DNS Problem
« Reply #15 on: June 09, 2007, 04:50:18 PM »
Problems appear resolved, I'll lock this topic
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »