My problems started with the advanced view folder tools disappearing, and then AVG started spouting virus warnings at me, mostly trojans and ones that claimed they were "not-a-virus:adware.win32.virtumonde.id". Now my computer won't even stay running, and it's slow when it does run.
My HJT file is as follows, and if I can make my computer run long enough to get a virus scan file I'll post it after.


Logfile of HijackThis v1.99.1
Scan saved at 5:13:03 PM, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
E:\WINDOWS\system32\Ati2evxx.exe
C:\xoblite_bb3_rc1\Blackbox.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\WINDOWS\ATKKBService.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\system32\taskswitch.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Maxthon\Maxthon.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgvv.exe
E:\Program Files\Hijackthis\HijackThis.exe
E:\WINDOWS\system32\ZoneLabs\UpdClient.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - E:\WINDOWS\system32\rqrropq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CoolSwitch] E:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Yahoo! Widget Engine.lnk = E:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mljgd - E:\WINDOWS\system32\mljgd.dll (file missing)
O20 - Winlogon Notify: pmnnl - E:\WINDOWS\System32\pmnnl.dll (file missing)
O20 - Winlogon Notify: rqrropq - E:\WINDOWS\SYSTEM32\rqrropq.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - E:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

Heya, rumbleman....
Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it, and click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will shutdown your computer - click OK.
Restart your computer, start HijackThis and press Scan Only. Place checks against the following entries if they exist, and press Fix Checked


O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - E:\WINDOWS\system32\rqrropq.dll
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: mljgd - E:\WINDOWS\system32\mljgd.dll (file missing)
O20 - Winlogon Notify: pmnnl - E:\WINDOWS\System32\pmnnl.dll (file missing)
O20 - Winlogon Notify: rqrropq - E:\WINDOWS\SYSTEM32\rqrropq.dll

--Check this one also only if you do not want that google search page:-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/

--This one is just an updater - it is running every time you start your sys, and a piece of it stays in memory. It ain't necessary to run it like this cos you can do it manually once a month or so. Including this one in the checkmark list only stops it auto starting every time, the pgm itself is not removed... so up to you. I'd check it for fixing...
O4 - Startup: PowerReg Scheduler.exe


===Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.

===GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5 -the link is almost at the bottom of the page, avgas 7.5.0.50. Install it and UPDATE it.

Start AVG a-s 7.5; under Scanner/ Settings set Recommended actions to Quarantine, and run the scan. Save the log file and only then click Apply all actions.

Post the AVG-AS scanlog file, plus the contents of C:\vundofix.txt plus a new Hijack this log. [run a new hijackthis log after you fix those entries above.]

VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Scan started at 4:06:58 PM 04/04/2007
Listing files found while scanning....
E:\WINDOWS\system32\dgjlm.bak1
E:\WINDOWS\system32\dgjlm.bak2
E:\WINDOWS\system32\dgjlm.ini
E:\WINDOWS\system32\mljgd.dll
E:\WINDOWS\System32\pmnnl.dll
E:\WINDOWS\system32\rqrropq.dll
E:\WINDOWS\system32\vwghinws.exe
Beginning removal...
Attempting to delete E:\WINDOWS\system32\dgjlm.bak1
E:\WINDOWS\system32\dgjlm.bak1 Has been deleted!
Attempting to delete E:\WINDOWS\system32\dgjlm.bak2
E:\WINDOWS\system32\dgjlm.bak2 Has been deleted!
Attempting to delete E:\WINDOWS\system32\dgjlm.ini
E:\WINDOWS\system32\dgjlm.ini Has been deleted!
Attempting to delete E:\WINDOWS\system32\vwghinws.exe
E:\WINDOWS\system32\vwghinws.exe Has been deleted!
Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 5:26:16 PM, on 04/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\system32\Ati2evxx.exe
C:\xoblite_bb3_rc1\Blackbox.exe
E:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\WINDOWS\ATKKBService.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\system32\taskswitch.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Maxthon\Maxthon.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\WINDOWS\system32\taskmgr.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CoolSwitch] E:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = E:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - E:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
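A way to confirm that the entries listed for fixing are gone from a follow-up log, as an added example that is not part of the original thread: it parses HijackThis entry lines and diffs two logs. The function names are hypothetical, and the sample text is a short excerpt of the entries posted in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section text")

# HijackThis entry lines start with a section code (R0, O2, O20, O23, ...)
# followed by " - ". Header lines and running-process paths do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")


def parse_hjt(log_text):
    """Return the registry/startup entries of a HijackThis log, in order."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def normalise(entry):
    """Comparison key: Windows paths are case-insensitive, and the
    '(file missing)' suffix (sometimes truncated when pasted) is dropped."""
    text = re.sub(r"\s*\(file missing\)?\s*$", "", entry.text, flags=re.I)
    return (entry.section, text.lower())


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two logs."""
    b = {normalise(e): e for e in parse_hjt(before)}
    a = {normalise(e): e for e in parse_hjt(after)}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def still_present(fix_list, log_text):
    """Entries from a 'fix these' list that the given log still contains."""
    seen = {normalise(e) for e in parse_hjt(log_text)}
    return [e for e in parse_hjt(fix_list) if normalise(e) in seen]


# Excerpt of the first log posted in the thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
E:\WINDOWS\system32\winlogon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - E:\WINDOWS\system32\rqrropq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - Startup: PowerReg Scheduler.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: mljgd - E:\WINDOWS\system32\mljgd.dll (file missing)
O20 - Winlogon Notify: pmnnl - E:\WINDOWS\System32\pmnnl.dll (file missing)
O20 - Winlogon Notify: rqrropq - E:\WINDOWS\SYSTEM32\rqrropq.dll
"""

# Excerpt of the follow-up log posted after the fix.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
E:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""

# The entries the helper asked to have checked; one line is given with a
# truncated "(file missing" suffix to exercise the tolerant matching.
FIX_LIST = r"""
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - E:\WINDOWS\system32\rqrropq.dll
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: mljgd - E:\WINDOWS\system32\mljgd.dll (file missing)
O20 - Winlogon Notify: pmnnl - E:\WINDOWS\System32\pmnnl.dll (file missing
O20 - Winlogon Notify: rqrropq - E:\WINDOWS\SYSTEM32\rqrropq.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
O4 - Startup: PowerReg Scheduler.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since first log:")
    for e in removed:
        print("  %s - %s" % e)
    print("New in follow-up log:")
    for e in added:
        print("  %s - %s" % e)
    leftovers = still_present(FIX_LIST, AFTER)
    print("Fix-list entries still present:", len(leftovers))
```

Entries reported as new in the follow-up log deserve the same review as the original ones; here they are the ActiveX control and toolbar button left by the online scanner.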

I have been trying to run the AVG spyware scanner, but my computer keeps resetting itself and I don't know why. And AVG antivirus found another trojan horse, Lop.bL.

Please rerun vundofix - I think it missed one...
Then rename hijackthis.exe to rumble.exe and do another scan- post the log.

Updating my instructions....
Please rerun vundofix - I think it missed one...
Rerun ATF Cleaner [you will have to rerun it from the site, else dl it to your desktop and run it from there...]
Then try an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select the link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.
Rename hijackthis.exe to rumble.exe and do another scan- post the log.
If the panda scan gets through you should retry AVG because that will remove the lop infection if it gets a chance to run fully.

OK, I finished the scan finally. I'll post, then rerun Vundo and stuff.

E:\System Volume Information\_restore{534E2F2C-02F9-402C-9972-62860AD1A4EC}\RP269\A0119679.exe -> Adware.Searchcolor : Cleaned.
E:\VundoFix Backups\vwghinws.exe.bad -> Adware.Searchcolor : Cleaned.
:mozilla.390:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.391:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.335:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.336:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.337:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.338:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.339:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.340:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.448:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.449:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.531:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.560:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.644:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
E:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.899:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.13:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.14:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.17:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.18:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.19:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.21:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.222:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.223:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.22:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.23:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.24:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.25:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.26:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.38:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.394:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.395:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.396:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.397:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.398:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.399:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.39:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.400:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.401:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.402:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.748:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.403:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.370:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.374:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.382:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.383:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.384:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.415:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.416:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.380:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.446:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.366:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.367:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.368:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.369:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.371:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.372:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.373:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.331:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.488:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.489:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.490:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.491:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.492:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.493:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.494:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.495:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.451:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.455:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.456:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.457:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.458:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.824:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.426:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.427:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.428:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.429:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.189:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.190:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.192:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.193:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.257:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.563:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.606:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.607:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.888:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.873:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
E:\Documents and Settings\Owner\Cookies\owner@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.187:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.188:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.191:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.689:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.922:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.409:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.410:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.411:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.412:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.702:E:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0gwcqxtt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

::Report end

0

I ran vundo and it came up clean
I reran atf and noticed that you have to set it for different browsers so I cleaned everything.
zonealarm virus scan found about 15 copies of not-a-virus:AdWare.Win32.Virtumonde.id.

and quarantined them all
I'll run pandascan now and post the results

0

Okay. A reason for running ATF Cleaner before AVG AS is that the cleaner removes all the cookies if run as I suggest, so the AVG report is as a result a bit easier to read...
Please tell me if your AV is still throwing up Lop warnings...
And yeah, you are correct about ATF and other browsers.. :) - I checked your log but obviously firefox wasn't running when you made it, so it didn't show up, so I cut that bit from my guide to you.. I think I shall just include the other browser instructions as standard in my texts from now on.

0

I rarely use firefox so I didn't even think about it, I mostly use maxthon. ya I thought that log was long and that would explain it. panda is running, has been for over an hour, I have too many files. so far my computer has been stable for 2 hours which is a record for the last week or so, probably thanks to you. I just checked my log and the first warning was on the 27th of march, it was pmnnl.dll, and there has been a steady stream of trojan warnings since then. don't know if that helps. so far panda has found 2 rootkits and it's halfway done, I don't know if my computer will stay running until it's over. if not I'll try again tomorrow. thanks a lot for your help!

0

pmnnl.dll is one of the random process names available to vundo [virtumonde] when it installs itself. It was killed early on by one of the scans you ran [zonelabs?] but it already had made duplicates with other names which escaped detection. Vundo now sometimes uses a rootkit to hide behind, but the later versions of vundofix employ rootkit detectors. When you finish the panda scan it may be cool to run a specialist rootkit detector such as F-Secure's blacklight beta.
===Download the latest trial version of Blacklight beta from http://www.f-secure.com/blacklight/
Dclick the .exe [they change the name occasionally when they update it so I am not giving it here...], click Run, agree to the terms and Scan. Post the results if positive.

0

Incident Status Location
Potentially unwanted tool:Application/PRScheduler Not disinfected E:\Documents and Settings\Owner\Start Menu\Programs\Startup (Disabled)\PowerReg Scheduler.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected E:\Program Files\Hijackthis\backups\backup-20070404-164318-460-PowerReg Scheduler.exe
that's all there was on the pandascan
and the f-secure said nothing was found

0

That, then, is pretty neat, rumbleman - you're out of the woods, I think. Is your sys working okay now?
Powerreg scheduler is just a pgm to remind you to register some software or product... it is just a commercial prompter used by many co's. Delete it. Do a search for powerreg - it will turn up several entries, incl one in your pgm files; delete that too.
Cheers.

0

actually my computer worked fine for a day, now it's resetting itself constantly and I don't know why but I think it might be a hardware issue. I ran another virus scan and didn't find any viruses so thanks for helping me fix it.

0

Hmm... on the other hand it could be that we missed something and it took a while to fully regenerate itself, perhaps by calling for a download. It does sound like a spyware/trojan issue.... May I suggest that you download this file: http://www.techsupportforum.com/sectools/combofix.exe
-- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
And rename hijackthis.exe to rumble.exe and post a fresh log also. We just gotta try a bit harder sometimes...

0

You have used an invalid url to download ComboFix.exe. Please be advised that these are the correct links to use
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
first it said that so I changed the url and it ran and found 2 things: Qoologic and SurfSideKick but it just closed, didn't post a log. the log just said:
Start Time= 09/04/2007 16:17:42.35

I ran it from the second link and here is the log:
"Owner" - 07-04-09 16:25:30 Service Pack 2
ComboFix 07-04-05 - Running from: "e:\Program Files\Maxthon"

((((((((((((((((((((((((((((((( Files Created from 2007-03-09 to 2007-04-09 ))))))))))))))))))))))))))))))))))

2007-04-09 16:15 <DIR> d-------- E:\sUBs
2007-04-07 17:39 <DIR> d-------- E:\DOCUME~1\Owner\APPLIC~1\Ahead
2007-04-07 17:35 <DIR> d-------- E:\Program Files\Nero
2007-04-07 17:35 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-04-07 11:31 <DIR> d-------- E:\Program Files\Smart Projects
2007-04-06 09:27 4,096 --a------ E:\WINDOWS\d3dx.dat
2007-04-04 17:31 3,968 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-04 16:06 <DIR> d-------- E:\VundoFix Backups
2007-04-03 17:58 <DIR> d-------- E:\WINDOWS\system32\ActiveScan
2007-04-03 16:42 <DIR> d-------- E:\Program Files\ATI Technologies
2007-04-03 06:04 0 --a------ E:\WINDOWS\system32\atiicdxx.dat
2007-04-02 17:22 524,288 --ah----- E:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-03-31 10:50 <DIR> d-------- E:\Program Files\StuffPlug3
2007-03-31 10:31 8,988,704 --ahs---- E:\WINDOWS\system32\drivers\fidbox.dat
2007-03-31 10:31 266,272 --ahs---- E:\WINDOWS\system32\drivers\fidbox2.dat
2007-03-31 10:30 <DIR> d-------- E:\DOCUME~1\Owner\APPLIC~1\MailFrontier
2007-03-31 09:18 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-30 12:54 75,512 --a------ E:\WINDOWS\zllsputility.exe
2007-03-30 12:54 11,264 --a------ E:\WINDOWS\system32\SpOrder.dll
2007-03-30 12:54 1,087,216 --a------ E:\WINDOWS\system32\zpeng24.dll
2007-03-28 22:34 <DIR> d-------- E:\DOCUME~1\Owner\APPLIC~1\Screenshot Sender
2007-03-28 22:33 <DIR> d-------- E:\Program Files\Messenger Plus! Live
2007-03-20 18:31 <DIR> d-------- E:\Program Files\Microsoft IntelliPoint
2007-03-14 19:27 972,336 --a------ E:\WINDOWS\UNRecode.exe
2007-03-14 19:20 133,168 --a------ E:\WINDOWS\system32\drivers\imagesrv.sys
2007-03-14 19:20 11,568 --a------ E:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-14 19:19 972,336 --a------ E:\WINDOWS\UNNeroBackItUp.exe
2007-03-14 19:19 95,864 --a------ E:\WINDOWS\system32\NeroCo.dll
2007-03-12 13:51 972,336 --a------ E:\WINDOWS\UNNeroMediaHome.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-09 16:24 -------- d-------- E:\Program Files\maxthon
2007-04-06 09:06 -------- d-------- E:\Program Files\startup manager
2007-04-04 21:45 -------- d-------- E:\Program Files\msn messenger
2007-04-04 21:41 -------- d-------- E:\Program Files\messenger
2007-04-03 16:42 -------- d--h----- E:\Program Files\installshield installation information
2007-03-30 12:55 4212 --ah----- E:\WINDOWS\system32\zllictbl.dat
2007-03-27 16:00 -------- d-------- E:\Program Files\freshdevices
2007-03-25 16:29 737575 --ahs---- E:\WINDOWS\system32\lnnmp.bak2
2007-03-10 10:40 -------- d-------- E:\Program Files\picasa2
2007-03-10 10:33 -------- d-------- E:\Program Files\google
2007-03-08 08:36 577536 --a------ E:\WINDOWS\system32\user32.dll
2007-03-08 08:36 40960 --a------ E:\WINDOWS\system32\mf3216.dll
2007-03-08 08:36 281600 --a------ E:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47 1843584 --a------ E:\WINDOWS\system32\win32k.sys
2007-02-28 20:53 972336 --a------ E:\WINDOWS\unnerovision.exe
2007-02-28 15:41 972336 --a------ E:\WINDOWS\unneroshowtime.exe
2007-01-19 12:53 51056 --a------ E:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MessengerPlus3"="\"E:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"msnmsgr"="\"E:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"E:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"CoolSwitch"="E:\\WINDOWS\\system32\\taskswitch.exe"
"ATIPTA"="E:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"IntelliPoint"="\"E:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"ZoneAlarm Client"="\"E:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"E:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"NeroFilterCheck"="E:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\setup.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I]
Shell\AutoRun\command I:\autorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\RoNsetup.exe /autorun
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cec5a1d-5a62-11db-bbe3-0013d47ef642}]
Shell\AutoRun\command H:\autorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cec5a1e-5a62-11db-bbe3-0013d47ef642}]
Shell\AutoRun\command I:\RoNsetup.exe /autorun
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec8a2cac-58d9-11db-bbd3-806d6172696f}]
Shell\AutoRun\command G:\TS-H652A.exe

Contents of the 'Scheduled Tasks' folder
E:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-09 16:28:31
E:\ComboFix-quarantined-files.txt ... 07-04-09 16:28
E:\ComboFix2.txt ... 07-04-09 16:17

0

Logfile of HijackThis v1.99.1
Scan saved at 4:50:30 PM, on 09/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
E:\WINDOWS\ATKKBService.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\system32\Ati2evxx.exe
C:\xoblite_bb3_rc1\Blackbox.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\WINDOWS\system32\taskswitch.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Hijackthis\rumble.exe.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\WINDOWS\system32\ZoneLabs\UpdClient.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CoolSwitch] E:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Yahoo! Widget Engine.lnk = E:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - E:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

0

Hello, rumbleman.... still some vundo traces in there. Hmmm..... Vundofix just would not shift them. I know this tool will get more of it:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Save the file to your desktop, and CLOSE ALL running programs including IE [or other browsers]. Dclick Virtumundobegone to start it and follow the prompts. If you get a BSOD just reboot...
Please post the VBG.txt log from your desktop.

0

It took me a while because my computer stopped booting and I had to rewrite the boot sector before it would start up again.

[04/10/2007, 17:28:57] - VirtumundoBeGone v1.5 ( "E:\Documents and Settings\Owner\Desktop\VirtumundoBeGone.exe" )
[04/10/2007, 17:29:02] - Detected System Information:
[04/10/2007, 17:29:02] - Windows Version: 5.1.2600, Service Pack 2
[04/10/2007, 17:29:02] - Current Username: Owner (Admin)
[04/10/2007, 17:29:02] - Windows is in NORMAL mode.
[04/10/2007, 17:29:02] - Searching for Browser Helper Objects:
[04/10/2007, 17:29:02] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/10/2007, 17:29:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/10/2007, 17:29:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/10/2007, 17:29:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/10/2007, 17:29:02] - Finished Searching Browser Helper Objects
[04/10/2007, 17:29:02] - Finishing up...
[04/10/2007, 17:29:02] - Nothing found! Exiting...

0

Ah. Well, that was my last shot. I don't think Silent Runners would help. All that is left is to clean up a few folders and traces:
Delete this file : E:\WINDOWS\system32\lnnmp.bak2
Delete this folder : E:\VundoFix Backups
Empty your AVG quarantine folder. Delete vundofix and vundobegone. Run this script to remove this registry key value [or go in and delete it manually..]
-copy all the text below the line as one block to notepad, Save as vnd.reg with type set as All files, to your desktop or to a scratch folder; then dclick the filename and allow it to merge with the registry...
_______________________________________________________________________________
Windows Registry Editor Version 5.00

; Deletes only the unnamed ShellExecuteHooks value; the key itself is kept.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{182B90A3-F372-438A-800C-6814B4DE417B}"=-
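
A triage sketch for the two leftovers named in this post, added here as an example and not part of any post or of ComboFix: it parses an excerpt of the ComboFix log posted above, lists ShellExecuteHooks CLSIDs that carry an empty description, and finds files whose name stem is a flagged DLL's stem spelled backwards (pmnnl.dll and lnnmp.bak2 in this thread). The function names and the reversed-name pairing rule are assumptions of this example; a hit is a lead to check by hand, not proof.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Excerpt copied from the ComboFix log posted in this thread (trimmed).
SAMPLE_LOG = r'''
(((((((((((((((( Find3M Report ))))))))))))))))

2007-04-04 21:45 -------- d-------- E:\Program Files\msn messenger
2007-03-30 12:55 4212 --ah----- E:\WINDOWS\system32\zllictbl.dat
2007-03-25 16:29 737575 --ahs---- E:\WINDOWS\system32\lnnmp.bak2
2007-03-08 08:36 577536 --a------ E:\WINDOWS\system32\user32.dll

(((((((((((((((( Reg Loading Points ))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CoolSwitch"="E:\\WINDOWS\\system32\\taskswitch.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
'''

# "date time size attrs path"; size is digits, "--------" or "<DIR>".
FILE_LINE = re.compile(
    r'^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\S+) ([a-z-]{9}) (.+)$')
KEY_LINE = re.compile(r'^\[(.+)\]$')
# "name"="data" string values, allowing backslash escapes inside the quotes.
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_file_entries(log):
    """Return one dict per file or directory listing line in the log."""
    entries = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            date, time, size, attrs, path = m.groups()
            entries.append({"date": date, "time": time, "size": size,
                            "attrs": attrs, "path": path})
    return entries


def parse_reg_values(log):
    """Map each [registry key], lower-cased, to its (name, data) string values."""
    keys, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_LINE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), [])
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            current.append((m.group(1), m.group(2)))
    return keys


def unnamed_shell_hooks(reg):
    """CLSIDs registered under ShellExecuteHooks with an empty description."""
    hooks = []
    for key, values in reg.items():
        if key.endswith(r"\explorer\shellexecutehooks"):
            hooks += [name for name, data in values if data == ""]
    return hooks


def reversed_name_companions(entries, detected_names):
    """Paths of files whose stem is a detected file's stem spelled backwards."""
    wanted = {splitext(n.lower())[0][::-1] for n in detected_names}
    hits = []
    for e in entries:
        if e["attrs"].startswith("d"):  # skip directories
            continue
        stem = splitext(basename(e["path"]).lower())[0]
        if stem in wanted:
            hits.append(e["path"])
    return hits


if __name__ == "__main__":
    reg = parse_reg_values(SAMPLE_LOG)
    files = parse_file_entries(SAMPLE_LOG)
    print("Unnamed ShellExecuteHooks:", unnamed_shell_hooks(reg))
    # pmnnl.dll is the name from the first AV warning reported in the thread.
    print("Reversed-name companions:",
          reversed_name_companions(files, ["pmnnl.dll"]))
```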

0

ok I did all that and I haven't seen sign of any viruses but the not starting is still a pain and it turns off and resets occasionally but I think I have driver and maybe hardware issues. thanks a lot for your help.

0

first hardware check to make is power down at the wall, open up, brush [softly] with a vacuum cleaner nozzle in there too; when it's clean enough [esp the big chips' heatsinks...] unseat every little thing and replug. Cards, cables, RAM blocks, the lot. Even unlock, lift, and relock the processor if you wish. Don't take it right out to marvel at how well you can comb your hair with the pins.

0

ok I did all that, cleaned it up and unplugged everything and plugged it back in but no change, it's getting worse. when I first hit the power button the ps sounds like it's making a clicking noise and it won't even start to boot up unless I unplug my ethernet cord???
also when I do get it to boot my keyboard and mouse randomly won't work, the light on my wireless keyboard receiver will flicker when it isn't working. I think it is either a mb or ps problem but I don't know which. I have checked all my mb caps carefully and they all LOOK fine.

0

hummm... I'm guessing now with what you have told me, but a ps produces a Power Good signal which instructs MB/BIOS that it is okay to start.... I wonder if your ps is not starting to go marginal? You can google for wire colours and voltages if you like to test with a DVM, else plug in a mate's when he's not looking.

0

My PS is a SPI Sparkle power international, I don't know if that's a good brand and I don't have another ps to test with but I do have a dvm so I'll try that. it seems to be worse during startup too. once I get it running it seems sorta stable but I have to try about 10 times or more to get it to finish booting. sometimes it helps to turn off the ps and wait a minute and then try again.

0

well it was definitely my power supply so I bought a better one and it is up and running... but now my warcraft sub has run out lol thanks a lot for all the help.
