
Thread: Malware Prob

  1. #1
    Junior Member
    Join Date
    Apr 2007
    Location
    Delaware
    Posts
    21

    Malware Prob

    I recently was affected with some bad malware. I've tried running the following spyware programs to attempt to zap this from my system: Ad-aware SE, Spybot S&D, AVG Anti-spyware, Panda Antivirus, and SpyCatcher. None of these have fully cleaned my system. Symptoms are the usual: pop-up windows both inside my browser and outside. It doesn't seem to activate until I open my browser after first powering up.

    Here's my log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:24:26 PM, on 4/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    G:\Program Files\Windows Defender\MsMpEng.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    g:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    G:\Program Files\Diskeeper\DkService.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    G:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe
    C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe
    G:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    G:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    G:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\wscntfy.exe
    G:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brett's Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - G:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
    O2 - BHO: (no name) - {5689A996-459E-44AE-832D-2DE47478DF76} - C:\WINDOWS\system32\wvurr.dll
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\htwfflyo.dll (file missing)
    O2 - BHO: (no name) - {E1DADA05-3E74-43B0-B3CE-FC347DB7C76B} - C:\WINDOWS\system32\pmnlkih.dll (file missing)
    O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    O4 - HKLM\..\Run: [SecureClean4RegManager] "C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe"
    O4 - HKLM\..\Run: [SecureClean4Tray] "C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] G:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "G:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "G:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SpyCatcher Reminder] "G:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
    O4 - HKLM\..\Run: [APVXDWIN] "G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [CursorXP] G:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Scheduler.lnk = G:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: SpyCatcher Protector.lnk = G:\Program Files\SpyCatcher 2006\Protector.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://*.excite.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...te.cab?1121385835968
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - AppInit_DLLs: interceptor.dll
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: pmnlkih - pmnlkih.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: wvurr - C:\WINDOWS\system32\wvurr.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - G:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Program Files\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - g:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - G:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    Thanks in advance for your help!

  2. #2
    Junior Member
    Join Date
    Apr 2007
    Location
    Delaware
    Posts
    21

    In attempting to be proactive, I decided to try and run Vundofix 6.3.19 with instructions from another post. My problems still exist... here's my new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:00:52 PM, on 4/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    G:\Program Files\Windows Defender\MsMpEng.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    g:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    G:\Program Files\Diskeeper\DkService.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    G:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\apvxdwin.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe
    C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe
    G:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    G:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    G:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    g:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
    G:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brett's Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - G:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
    O2 - BHO: (no name) - {5689A996-459E-44AE-832D-2DE47478DF76} - C:\WINDOWS\system32\wvurr.dll
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\htwfflyo.dll (file missing)
    O2 - BHO: (no name) - {E1DADA05-3E74-43B0-B3CE-FC347DB7C76B} - C:\WINDOWS\system32\pmnlkih.dll (file missing)
    O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    O4 - HKLM\..\Run: [SecureClean4RegManager] "C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe"
    O4 - HKLM\..\Run: [SecureClean4Tray] "C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] G:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "G:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "G:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SpyCatcher Reminder] "G:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
    O4 - HKLM\..\Run: [APVXDWIN] "G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [CursorXP] G:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Scheduler.lnk = G:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: SpyCatcher Protector.lnk = G:\Program Files\SpyCatcher 2006\Protector.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://*.excite.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121385835968
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - AppInit_DLLs: interceptor.dll
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: pmnlkih - pmnlkih.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - G:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Program Files\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - g:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - G:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  3. #3
    Junior Member
    Join Date
    Apr 2007
    Location
    Delaware
    Posts
    21

    Sorry, forgot to post my VundoFix log from the above step.


    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 8:35:22 PM 4/18/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\rruvw.bak1
    C:\WINDOWS\system32\rruvw.ini
    C:\WINDOWS\system32\wvurr.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\rruvw.bak1
    C:\WINDOWS\system32\rruvw.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rruvw.ini
    C:\WINDOWS\system32\rruvw.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wvurr.dll
    C:\WINDOWS\system32\wvurr.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

  4. #4
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,538

    Welcome to the forum, sometimes pro-active is good and other times it is not. Reading and following the directions is always good:
    "BEFORE you POST" Mandatory Steps Before Requesting Assistance
    http://forums.spybot.info/showthread.php?t=288
    I don't know if you are following this information or not:
    http://forums.spybot.info/showthread.php?t=4394
    But let me give you a little information about this junk:
    Please understand these hackers can call their junk anything they wish. Vundofix may not know the files at first, but it will learn. You want to run the fix until you see all Vundo files say: "Has been deleted"
    Since there is a class action involving this one, you may want to view this information:
    http://www.networkworld.com/news/200...-unravels.html
    http://www.youtube.com/watch?v=zBUZHiKhsog

    One thing I know that can cause the fix problems is out of date Java programs, that can also get you the infections, see this:
    http://forums.spybot.info/showpost.p...80&postcount=2
    You are running an old version: Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.
    and the fix even told you that. Start by downloading the newest Java version and uninstall all old versions in add remove programs.

    Next, the fix needs time to learn the bad files and remove them. I have seen it take as many as six runs, once in a while it will not remove a file at all, but that is rare. Here is your issue, and you can also see it in your HJT log:
    Attempting to delete C:\WINDOWS\system32\wvurr.dll
    C:\WINDOWS\system32\wvurr.dll Could not be deleted.
    Until you kill it all it will morph and put itself back, nice stuff huh?
    Run the fix until it removes the junk, then post the Vundofix log and a new HJT log and I will see what is left to do.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
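
An added example, not part of the thread and not VundoFix's or HijackThis's own code: it parses excerpts of the logs posted above and shows why wvurr.dll is the file pskelley points to. It is the one file VundoFix could not delete, and the HijackThis log still lists it at two load points. The "same DLL registered as both BHO and Winlogon Notify" check is a triage heuristic assumed here, and all function names are hypothetical.

```python
import ntpath
import re

# Excerpts copied from the first HijackThis log and the VundoFix log in this
# thread (a constructed sample, not the full logs).
HJT_EXCERPT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5689A996-459E-44AE-832D-2DE47478DF76} - C:\WINDOWS\system32\wvurr.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\htwfflyo.dll (file missing)
O2 - BHO: (no name) - {E1DADA05-3E74-43B0-B3CE-FC347DB7C76B} - C:\WINDOWS\system32\pmnlkih.dll (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: pmnlkih - pmnlkih.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvurr - C:\WINDOWS\system32\wvurr.dll
"""

VUNDOFIX_EXCERPT = r"""
C:\WINDOWS\system32\rruvw.bak1 Has been deleted!
C:\WINDOWS\system32\rruvw.ini Has been deleted!
C:\WINDOWS\system32\wvurr.dll Could not be deleted.
"""

BHO_RE = re.compile(
    r"^[ \t]*O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$", re.M)
NOTIFY_RE = re.compile(
    r"^[ \t]*O20 - Winlogon Notify: (?P<name>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$", re.M)
VUNDOFIX_RE = re.compile(
    r"^[ \t]*(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<result>Has been deleted!|Could not be deleted\.)$", re.M)


def dll_key(path):
    """Lower-cased file name, so full paths and bare names compare equal."""
    return ntpath.basename(path).lower()


def load_points(hjt_log):
    """Map each DLL to the load points (O2 BHO, O20 Notify) that reference it."""
    points = {}
    for kind, rx in (("BHO", BHO_RE), ("Winlogon Notify", NOTIFY_RE)):
        for m in rx.finditer(hjt_log):
            entry = points.setdefault(dll_key(m["path"]),
                                      {"kinds": set(), "missing": False})
            entry["kinds"].add(kind)
            entry["missing"] = entry["missing"] or bool(m["missing"])
    return points


def double_registered(points):
    """DLLs listed under both load points (assumed triage heuristic)."""
    both = {"BHO", "Winlogon Notify"}
    return sorted(d for d, e in points.items() if e["kinds"] == both)


def removal_results(vundofix_log):
    """Map each path in the VundoFix log to True (deleted) or False (not)."""
    return {m["path"]: m["result"].startswith("Has been")
            for m in VUNDOFIX_RE.finditer(vundofix_log)}


def still_loaded(hjt_log, vundofix_log):
    """Files the fix could not delete that the HJT log still shows registered."""
    points = load_points(hjt_log)
    out = {}
    for path, deleted in removal_results(vundofix_log).items():
        key = dll_key(path)
        if not deleted and key in points:
            out[key] = sorted(points[key]["kinds"])
    return out


def reversed_companions(vundofix_log):
    """Pair each listed DLL with listed files whose stem is its stem reversed,
    as rruvw.ini / rruvw.bak1 are to wvurr.dll in this thread's log."""
    paths = list(removal_results(vundofix_log))
    stem = lambda p: ntpath.splitext(ntpath.basename(p))[0].lower()
    dlls = {stem(p): p for p in paths if p.lower().endswith(".dll")}
    pairs = {}
    for p in paths:
        dll = dlls.get(stem(p)[::-1])
        if dll and p != dll:
            pairs.setdefault(dll_key(dll), []).append(dll_key(p))
    return pairs


if __name__ == "__main__":
    print("double-registered:", double_registered(load_points(HJT_EXCERPT)))
    print("not deleted, still registered:",
          still_loaded(HJT_EXCERPT, VUNDOFIX_EXCERPT))
    print("reversed-name companions:", reversed_companions(VUNDOFIX_EXCERPT))
```

Running the same functions over the later HijackThis log in post #7, where the wvurr and pmnlkih entries are gone, returns empty results.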

  5. #5
    Junior Member
    Join Date
    Apr 2007
    Location
    Delaware
    Posts
    21

    Hello pskelley,
    Thanks for responding to my request. I accept all punishments and beat-downs you may decide to throw upon me for not following all instructions and being too proactive.

    I'm at work now, but I'll post a latest HJT log and Vundofix log (I've run Vundofix a few times since my last posting and it has come up empty) tonight. I used HJT to remove the wvurr.dll file (maybe a bad move), but I'm still getting the pop-ups.

    As I said, "Captain Pro-active" here will accept all verbal abuse and punishment you can dish out. Feel free to vent. Although this spyware was a royal pain, trying to fix it was kinda fun....could I be a junior security expert in training? (Yes, I hear the groans from Florida clear up here in Delaware).

    I'll post my results later tonight. Thanks again for your help with this.

  6. #6
    Junior Member
    Join Date
    Apr 2007
    Location
    Delaware
    Posts
    21

    P.S. I was afraid to keep posting HJT logs for fear of bumping...at least I read that part of the instructions properly.

  7. #7
    Junior Member
    Join Date
    Apr 2007
    Location
    Delaware
    Posts
    21

    VundoFix Log
    -------------

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 5:48:31 PM 4/20/2007

    Listing files found while scanning....

    No infected files were found.



    Hijack This Log:
    --------------
    Logfile of HijackThis v1.99.1
    Scan saved at 6:08:08 PM, on 4/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    G:\Program Files\Windows Defender\MsMpEng.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    g:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    G:\Program Files\Diskeeper\DkService.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    G:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe
    C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe
    G:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    G:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    G:\Program Files\Windows Defender\MSASCui.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\apvxdwin.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    g:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    G:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe
    G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\avciman.exe
    G:\Program Files\HijackThis\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brett's Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - G:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    O4 - HKLM\..\Run: [SecureClean4RegManager] "C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe"
    O4 - HKLM\..\Run: [SecureClean4Tray] "C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] G:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "G:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "G:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SpyCatcher Reminder] "G:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
    O4 - HKLM\..\Run: [APVXDWIN] "G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [CursorXP] G:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Scheduler.lnk = G:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: SpyCatcher Protector.lnk = G:\Program Files\SpyCatcher 2006\Protector.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://*.excite.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121385835968
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - AppInit_DLLs: interceptor.dll
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - G:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Program Files\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - g:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - G:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - G:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  8. #8
    Junior Member
    Join Date
    Apr 2007
    Location
    Delaware
    Posts
    21


    Also if it helps here's a log from running the online Panda Antivirus scan last night (nothing has been messed with on my system since then):


    Incident Status Location

    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Daddy\Application Data\jugskindmags\once style.exe
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Daddy\Cookies\daddy@hitbox[2].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Daddy\Desktop\SmitfraudFix\Process.exe

  9. #9
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,538


    Thanks for returning the information, I am still showing this:
    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.
    If you have not removed the old versions of Java, please uninstall them in Add Remove programs.

    I do not see LOP/C2 Media in your log: http://inetexplorer.mvps.org/data/lop.htm
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Daddy\Application Data\jugskindmags\ <<< Delete that folder
    Navigate to the folder in red and delete it!!

    C:\Documents and Settings\Daddy\Desktop\SmitfraudFix\ <<< delete that folder in red

    G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\ <<< follow the instructions in this link to run that program, delete or quarantine anything it finds and post the scan report.
    http://forums.security-central.us/showthread.php?t=3165

    Post the AVG Anti-Spyware scan results and let me know how the computer is running.

    Do you own this program? G:\Program Files\SpyCatcher 2006\SpyCatcher.exe

    O15 - Trusted Zone: http://*.excite.com <<< are you sure that belongs in your "Trusted Zone"?

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
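    The kind of first pass a reviewer makes over a HijackThis log like the one posted in this thread, as an added example that is not part of any post: it parses the `code - kind: value` entries and marks the ones that merit a manual look. The sample lines are copied from the log above; the rule set and the function names are assumptions of this example, and a flagged line is a prompt to check, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk = ?
O15 - Trusted Zone: http://*.excite.com
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Program Files\Diskeeper\DkService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# "<code> - <kind>: <value>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^\s*([A-Z]\d+)\s+-\s+([^:]+):\s*(.*\S)\s*$")

# Review heuristics: assumptions of this example, not HijackThis verdicts.
RULES = [
    ("target could not be resolved", lambda code, kind, val: val.endswith("= ?")),
    ("wildcard site in Trusted Zone", lambda code, kind, val: code == "O15" and "*" in val),
    ("DLL loaded via AppInit_DLLs", lambda code, kind, val: kind == "AppInit_DLLs"),
    ("service with unknown owner", lambda code, kind, val: code == "O23" and " - Unknown owner - " in val),
    ("file missing on disk", lambda code, kind, val: val.endswith("(file missing)")),
]

def triage(log_text):
    """Return (code, kind, value, reasons) for every parsable entry."""
    results = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, process list, blank lines
        code, kind, val = m.groups()
        reasons = [name for name, test in RULES if test(code, kind, val)]
        results.append((code, kind, val, reasons))
    return results

def needs_review(log_text):
    """Only the entries that matched at least one heuristic."""
    return [entry for entry in triage(log_text) if entry[3]]

if __name__ == "__main__":
    for code, kind, val, reasons in needs_review(SAMPLE_LOG):
        print(f"{code:4} {kind}: {val}\n     review: {', '.join(reasons)}")
```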

  10. #10
    Junior Member
    Join Date
    Apr 2007
    Location
    Delaware
    Posts
    21


    Thanks. Dunno what happened with the Java Update...no other versions were showing in my add/remove programs (I had removed 2 other versions before updating to environment 6 update 1 which I verified on JAVA's site.) I uninstalled it, then reinstalled it again and verified it on JAVA's web site. However, running VundoFix STILL shows an old version even after rebooting:

    ---------------------------------------
    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 9:10:46 PM 4/20/2007

    Listing files found while scanning....

    No infected files were found.


    ---------------------------------------

    I double checked my add/remove programs and still don't see any versions of Java except the environment 6, update 1 version. I'm really miffed on this one.


    - I can't seem to delete the jugskindmags directory. When I try, I get a message which says "Cannot Delete...The directory is not empty." When I open it, I don't see any files inside and I do have the Tools-->Folder Options-->Show hidden files and folders checked.

    - Successfully deleted the SmitfraudFix folder.

    - AVG Results:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:16:03 PM 4/20/2007

    + Scan result:



    G:\System Volume Information\_restore{B1BB2BF4-6A2B-4968-9528-9576A73B9521}\RP480\A0179605.exe -> Adware.RegistryDoc : Cleaned.
    C:\Documents and Settings\Daddy\Cookies\daddy@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Daddy\Cookies\daddy@arn.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
    C:\Documents and Settings\Daddy\Cookies\daddy@getmusicfree.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
    :mozilla.12:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\default.3sr\cookies-1.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.6:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\default.3sr\cookies-1.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.7:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\default.3sr\cookies-1.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.8:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\default.3sr\cookies-1.txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Daddy\Cookies\daddy@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.11:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\default.3sr\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.14:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\default.3sr\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.15:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\default.3sr\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.22:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\default.3sr\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.23:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\default.3sr\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    C:\Documents and Settings\Daddy\Cookies\daddy@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.


    ::Report end



    - Spycatcher 2006 was an application I downloaded from tenebril.com. I can uninstall it if need be.

    - The http://*.excite.com in the trusted zone was something or other I had used awhile ago to allow me to login to excite's internet mail (had to have it for something which I can't remember now). We can remove it as it's no longer needed.

    Thanks again for your help.
