
Thread: CoolWWWSearch.Feat2Installer Keeps coming back

  1. #11
    Junior Member
    Join Date
    Mar 2006
    Posts
    16

    Thanks once again. I have done as you suggested, and have posted the fresh hijackthis log. As you will see...those pesky 02, 04 items keep coming back. I also submitted files to virustotal as requested. I keep getting "web crawler" and "way to find" pop ups, among other ones. It happens for a while, then stops and I can stay online and not get popups...weird, huh? Anyway, here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:18:54 PM, on 4/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\hramebe.exe
    C:\WINDOWS\system32\hribycb.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.apple.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
    O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
    O2 - BHO: SDWin32 Class - {28308351-8788-4C11-BE17-0D4E7A1977C9} - C:\WINDOWS\system32\sxful.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\system32\guarnset.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
    O16 - DPF: Helper - https://www.ubspwmobile.com/CWM/helper.cab
    O16 - DPF: Java Mainframe Display (MFD) - https://www.wm-mobile.ubs.com/W2H/w2h/applet/wdmfd.cab
    O16 - DPF: PCGMC Client - https://www.wm-mobile.ubs.com/PCGMC/PCGMCClient.CAB
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {10DB6D21-8915-11D2-8E3A-006008D1E01C} (Reuters Plus - Web 1.6.1.12) - https://www.ubspwmobile.com/md/jnavigator.cab
    O16 - DPF: {138A4B11-6BBA-4EF3-B333-0515F67729DB} (Reuters PlusWeb Agent Java Classes - 1.6.0.33) - https://www.wm-mobile.ubs.com/md/pluswebagentjava.cab
    O16 - DPF: {18D29F69-AD28-450E-8EC4-AD3F8632D4FE} (qqagent Class) - https://www.wm-mobile.ubs.com/md/pluswebagent.cab
    O16 - DPF: {24F7A9CC-4EEB-49A7-8592-95E66A7C24A8} (Java ScrollingHeadlines Widget - 1.0.1.8) - https://www.wm-mobile.ubs.com/md/cla...ava/shdown.cab
    O16 - DPF: {2FCFDAB1-F134-11D2-97C6-00104B659322} (Java Monitor - 1.0.3.11) - https://www.wm-mobile.ubs.com/md/cla...nclassdown.cab
    O16 - DPF: {3005838E-2A00-11D2-B701-006008D1E01C} (webctl Class) - https://www.ubspwmobile.com/md/Navigator.cab
    O16 - DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} (Reuters PlusWeb Excel Macro 1,5,0,9) - https://www.ubspwmobile.com/md/plugi...obil/excel.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093137400467
    O16 - DPF: {766190C9-CF9B-11D5-92EA-00805FC7E991} (Java MarketAtGlance - 1.0.0.9) - https://www.wm-mobile.ubs.com/md/cla...yncompdown.cab
    O16 - DPF: {77E94DB3-EF12-40BE-9AC5-96E2A140900E} (Java jExit - 1.0.0.4) - https://www.ubspwmobile.com/md/jexitdown.cab
    O16 - DPF: {7B70A888-E8AC-4757-B454-766DA6B0B761} (Reuters PlusWeb Excel PreCheck 1,5,0,1) - https://www.ubspwmobile.com/md/plugi...l/precheck.cab
    O16 - DPF: {89F7D494-DA30-4207-9318-49D6E60BD805} (Reuters Webchart Class) - https://www.wm-mobile.ubs.com/md/webchart.cab
    O16 - DPF: {93972343-C012-11D4-A8E1-0060976A74AE} (Java Quote Widget - 1.1.6.11) - https://www.wm-mobile.ubs.com/md/cla...jquotedown.cab
    O16 - DPF: {B5C6E4C0-F9DB-11D2-B126-00104B0EB7AE} (Java Dialogs - 1.6.1.6) - https://www.wm-mobile.ubs.com/md/cla...ialogsdown.cab
    O16 - DPF: {C0966447-1276-46EF-A5BB-1D5BCB6E8935} (PWSweep Class) - https://www.ubspwmobile.com/CWM/pluswebsweeper.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D439B6E0-1838-11D2-A461-00A0C968EE5F} (Java QQagent - 1.0.6.05) - https://www.wm-mobile.ubs.com/md/cla...qagentdown.cab
    O16 - DPF: {E041DA00-21AF-11D2-A465-00A0C968EE5F} (Java MLSOFT package) - https://www.ubspwmobile.com/md/class...mlsoftdown.cab
    O16 - DPF: {F436C877-B085-4871-BADD-D23A6E630581} (Reuters PlusWeb Versions - 1,6,0,22) - https://www.wm-mobile.ubs.com/md/pluswebverdown.cab
    O16 - DPF: {F822CC94-9D2F-4914-9CBB-8FBB9EDB1BF0} (PWAgent Class) - https://www.wm-mobile.ubs.com/md/pwagentclient.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O16 - DPF: {FF2B96CA-23B8-4B6F-8B90-873770F0D537} (PlusWebLocator Class) - https://www.ubspwmobile.com/md/plusweblocator.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: hdiceai - Unknown owner - C:\WINDOWS\system32\hdiceai.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

  2. #12
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    What did VirusTotal say about them?

    Download Pocket Killbox to the desktop:
    http://www.downloads.subratam.org/KillBox.exe
    If you already have Killbox, what version is it?
    Start Killbox, place a tick next to [x] Delete on reboot, and press the ALL Files button.
    Copy this whole list into the Windows clipboard, all the bolded below.

    C:\WINDOWS\system32\hramebe.exe
    C:\WINDOWS\system32\hribycb.exe
    C:\WINDOWS\system32\sxful.dll
    C:\WINDOWS\system32\guarnset.exe


    Back in Killbox, go > file > paste from clipboard.
    Click the red highlighted X button and say yes to the prompt to restart the PC.

    Post back with a new HJT log.

  3. #13
    Junior Member
    Join Date
    Mar 2006
    Posts
    16

    And again thanks! I did not have Killbox and therefore downloaded and followed your instructions. I have also posted what virustotal said of the two files along with a fresh hijackthis log. Thanks again! So far, no pop ups.

    Results of a file scan
    This is a report processed by VirusTotal on 04/08/2006 at 23:18:14 (CET) after scanning the file "hramebe.exe" file.
    Antivirus Version Update Result
    AntiVir 6.34.0.24 04.08.2006 TR/Painwin.A.8
    Avast 4.6.695.0 04.03.2006 Win32:Adware-gen.
    AVG 386 04.08.2006 Adware Generic.AUQ
    Avira 6.34.0.56 04.08.2006 TR/Painwin.A.8
    BitDefender 7.2 04.08.2006 Application.Bho.Adlogix.D
    CAT-QuickHeal 8.00 04.06.2006 Trojan.Painwin.a
    ClamAV devel-20060202 04.08.2006 no virus found
    DrWeb 4.33 04.08.2006 no virus found
    eTrust-InoculateIT 23.71.123 04.07.2006 no virus found
    eTrust-Vet 12.4.2153 04.07.2006 no virus found
    Ewido 3.5 04.08.2006 Trojan.Painwin.a
    Fortinet 2.71.0.0 04.08.2006 W32/Painwin.A-tr
    F-Prot 3.16c 04.07.2006 no virus found
    Ikarus 0.2.59.0 04.07.2006 Trojan.Win32.Painwin.A
    Kaspersky 4.0.2.24 04.08.2006 Trojan.Win32.Painwin.a
    McAfee 4736 04.07.2006 potentially unwanted program Adware-Adlog
    NOD32v2 1.1477 04.08.2006 no virus found
    Norman 5.90.15 04.07.2006 W32/Painwin.F
    Panda 9.0.0.4 04.08.2006 Adware/AdLogix
    Sophos 4.04.0 04.08.2006 no virus found
    Symantec 8.0 04.08.2006 no virus found
    TheHacker 5.9.7.126 04.07.2006 Trojan/Painwin.a
    UNA 1.83 04.07.2006 Trojan.Win32.Painwin
    VBA32 3.10.5 04.07.2006 Trojan.Win32.Painwin.a

    Results of a file scan
    This is a report processed by VirusTotal on 04/08/2006 at 23:20:28 (CET) after scanning the file "hribycb.exe" file.
    Antivirus Version Update Result
    AntiVir 6.34.0.24 04.08.2006 TR/Painwin.A.7
    Avast 4.6.695.0 04.03.2006 Win32:Adware-gen.
    AVG 386 04.08.2006 Adware Generic.AUP
    Avira 6.34.0.56 04.08.2006 TR/Painwin.A.7
    BitDefender 7.2 04.08.2006 Application.Bho.Adlogix.B
    CAT-QuickHeal 8.00 04.06.2006 Trojan.Painwin.a
    ClamAV devel-20060202 04.08.2006 no virus found
    DrWeb 4.33 04.08.2006 Trojan.DownLoader.7012
    eTrust-InoculateIT 23.71.123 04.07.2006 no virus found
    eTrust-Vet 12.4.2153 04.07.2006 no virus found
    Ewido 3.5 04.08.2006 Trojan.Painwin.a
    Fortinet 2.71.0.0 04.08.2006 W32/Painwin.A-tr
    F-Prot 3.16c 04.07.2006 no virus found
    Ikarus 0.2.59.0 04.07.2006 Trojan.Win32.Painwin.A
    Kaspersky 4.0.2.24 04.08.2006 Trojan.Win32.Painwin.a
    McAfee 4736 04.07.2006 potentially unwanted program Adware-Adlog
    NOD32v2 1.1477 04.08.2006 no virus found
    Norman 5.90.15 04.07.2006 W32/Painwin.E
    Panda 9.0.0.4 04.08.2006 Adware/AdLogix
    Sophos 4.04.0 04.08.2006 no virus found
    Symantec 8.0 04.08.2006 no virus found
    TheHacker 5.9.7.126 04.07.2006 Trojan/Painwin.a
    UNA 1.83 04.07.2006 Trojan.Win32.Painwin
    VBA32 3.10.5 04.07.2006 Trojan.Win32.Painwin.a

    Logfile of HijackThis v1.99.1
    Scan saved at 1:07:00 PM, on 4/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.apple.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
    O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
    O2 - BHO: SDWin32 Class - {28308351-8788-4C11-BE17-0D4E7A1977C9} - C:\WINDOWS\system32\sxful.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
    O16 - DPF: Helper - https://www.ubspwmobile.com/CWM/helper.cab
    O16 - DPF: Java Mainframe Display (MFD) - https://www.wm-mobile.ubs.com/W2H/w2h/applet/wdmfd.cab
    O16 - DPF: PCGMC Client - https://www.wm-mobile.ubs.com/PCGMC/PCGMCClient.CAB
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {10DB6D21-8915-11D2-8E3A-006008D1E01C} (Reuters Plus - Web 1.6.1.12) - https://www.ubspwmobile.com/md/jnavigator.cab
    O16 - DPF: {138A4B11-6BBA-4EF3-B333-0515F67729DB} (Reuters PlusWeb Agent Java Classes - 1.6.0.33) - https://www.wm-mobile.ubs.com/md/pluswebagentjava.cab
    O16 - DPF: {18D29F69-AD28-450E-8EC4-AD3F8632D4FE} (qqagent Class) - https://www.wm-mobile.ubs.com/md/pluswebagent.cab
    O16 - DPF: {24F7A9CC-4EEB-49A7-8592-95E66A7C24A8} (Java ScrollingHeadlines Widget - 1.0.1.8) - https://www.wm-mobile.ubs.com/md/cla...ava/shdown.cab
    O16 - DPF: {2FCFDAB1-F134-11D2-97C6-00104B659322} (Java Monitor - 1.0.3.11) - https://www.wm-mobile.ubs.com/md/cla...nclassdown.cab
    O16 - DPF: {3005838E-2A00-11D2-B701-006008D1E01C} (webctl Class) - https://www.ubspwmobile.com/md/Navigator.cab
    O16 - DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} (Reuters PlusWeb Excel Macro 1,5,0,9) - https://www.ubspwmobile.com/md/plugi...obil/excel.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093137400467
    O16 - DPF: {766190C9-CF9B-11D5-92EA-00805FC7E991} (Java MarketAtGlance - 1.0.0.9) - https://www.wm-mobile.ubs.com/md/cla...yncompdown.cab
    O16 - DPF: {77E94DB3-EF12-40BE-9AC5-96E2A140900E} (Java jExit - 1.0.0.4) - https://www.ubspwmobile.com/md/jexitdown.cab
    O16 - DPF: {7B70A888-E8AC-4757-B454-766DA6B0B761} (Reuters PlusWeb Excel PreCheck 1,5,0,1) - https://www.ubspwmobile.com/md/plugi...l/precheck.cab
    O16 - DPF: {89F7D494-DA30-4207-9318-49D6E60BD805} (Reuters Webchart Class) - https://www.wm-mobile.ubs.com/md/webchart.cab
    O16 - DPF: {93972343-C012-11D4-A8E1-0060976A74AE} (Java Quote Widget - 1.1.6.11) - https://www.wm-mobile.ubs.com/md/cla...jquotedown.cab
    O16 - DPF: {B5C6E4C0-F9DB-11D2-B126-00104B0EB7AE} (Java Dialogs - 1.6.1.6) - https://www.wm-mobile.ubs.com/md/cla...ialogsdown.cab
    O16 - DPF: {C0966447-1276-46EF-A5BB-1D5BCB6E8935} (PWSweep Class) - https://www.ubspwmobile.com/CWM/pluswebsweeper.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D439B6E0-1838-11D2-A461-00A0C968EE5F} (Java QQagent - 1.0.6.05) - https://www.wm-mobile.ubs.com/md/cla...qagentdown.cab
    O16 - DPF: {E041DA00-21AF-11D2-A465-00A0C968EE5F} (Java MLSOFT package) - https://www.ubspwmobile.com/md/class...mlsoftdown.cab
    O16 - DPF: {F436C877-B085-4871-BADD-D23A6E630581} (Reuters PlusWeb Versions - 1,6,0,22) - https://www.wm-mobile.ubs.com/md/pluswebverdown.cab
    O16 - DPF: {F822CC94-9D2F-4914-9CBB-8FBB9EDB1BF0} (PWAgent Class) - https://www.wm-mobile.ubs.com/md/pwagentclient.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O16 - DPF: {FF2B96CA-23B8-4B6F-8B90-873770F0D537} (PlusWebLocator Class) - https://www.ubspwmobile.com/md/plusweblocator.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: hdiceai - Unknown owner - C:\WINDOWS\system32\hdiceai.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

  4. #14
    Junior Member
    Join Date
    Mar 2006
    Posts
    16

    by the way

    Also, I "fixed" the 02 missing file in the hijackthis log above, rebooted and ran another fresh hijackthis log. It seems as though the entries are finally gone, and I am no longer having popups. Thanks so much for all of your help. If there is anything else I should do (other than make a donation to spybot), please let me know. Regards,
    Jay

    Logfile of HijackThis v1.99.1
    Scan saved at 1:13:40 PM, on 4/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.apple.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
    O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
    O16 - DPF: Helper - https://www.ubspwmobile.com/CWM/helper.cab
    O16 - DPF: Java Mainframe Display (MFD) - https://www.wm-mobile.ubs.com/W2H/w2h/applet/wdmfd.cab
    O16 - DPF: PCGMC Client - https://www.wm-mobile.ubs.com/PCGMC/PCGMCClient.CAB
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {10DB6D21-8915-11D2-8E3A-006008D1E01C} (Reuters Plus - Web 1.6.1.12) - https://www.ubspwmobile.com/md/jnavigator.cab
    O16 - DPF: {138A4B11-6BBA-4EF3-B333-0515F67729DB} (Reuters PlusWeb Agent Java Classes - 1.6.0.33) - https://www.wm-mobile.ubs.com/md/pluswebagentjava.cab
    O16 - DPF: {18D29F69-AD28-450E-8EC4-AD3F8632D4FE} (qqagent Class) - https://www.wm-mobile.ubs.com/md/pluswebagent.cab
    O16 - DPF: {24F7A9CC-4EEB-49A7-8592-95E66A7C24A8} (Java ScrollingHeadlines Widget - 1.0.1.8) - https://www.wm-mobile.ubs.com/md/cla...ava/shdown.cab
    O16 - DPF: {2FCFDAB1-F134-11D2-97C6-00104B659322} (Java Monitor - 1.0.3.11) - https://www.wm-mobile.ubs.com/md/cla...nclassdown.cab
    O16 - DPF: {3005838E-2A00-11D2-B701-006008D1E01C} (webctl Class) - https://www.ubspwmobile.com/md/Navigator.cab
    O16 - DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} (Reuters PlusWeb Excel Macro 1,5,0,9) - https://www.ubspwmobile.com/md/plugi...obil/excel.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093137400467
    O16 - DPF: {766190C9-CF9B-11D5-92EA-00805FC7E991} (Java MarketAtGlance - 1.0.0.9) - https://www.wm-mobile.ubs.com/md/cla...yncompdown.cab
    O16 - DPF: {77E94DB3-EF12-40BE-9AC5-96E2A140900E} (Java jExit - 1.0.0.4) - https://www.ubspwmobile.com/md/jexitdown.cab
    O16 - DPF: {7B70A888-E8AC-4757-B454-766DA6B0B761} (Reuters PlusWeb Excel PreCheck 1,5,0,1) - https://www.ubspwmobile.com/md/plugi...l/precheck.cab
    O16 - DPF: {89F7D494-DA30-4207-9318-49D6E60BD805} (Reuters Webchart Class) - https://www.wm-mobile.ubs.com/md/webchart.cab
    O16 - DPF: {93972343-C012-11D4-A8E1-0060976A74AE} (Java Quote Widget - 1.1.6.11) - https://www.wm-mobile.ubs.com/md/cla...jquotedown.cab
    O16 - DPF: {B5C6E4C0-F9DB-11D2-B126-00104B0EB7AE} (Java Dialogs - 1.6.1.6) - https://www.wm-mobile.ubs.com/md/cla...ialogsdown.cab
    O16 - DPF: {C0966447-1276-46EF-A5BB-1D5BCB6E8935} (PWSweep Class) - https://www.ubspwmobile.com/CWM/pluswebsweeper.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D439B6E0-1838-11D2-A461-00A0C968EE5F} (Java QQagent - 1.0.6.05) - https://www.wm-mobile.ubs.com/md/cla...qagentdown.cab
    O16 - DPF: {E041DA00-21AF-11D2-A465-00A0C968EE5F} (Java MLSOFT package) - https://www.ubspwmobile.com/md/class...mlsoftdown.cab
    O16 - DPF: {F436C877-B085-4871-BADD-D23A6E630581} (Reuters PlusWeb Versions - 1,6,0,22) - https://www.wm-mobile.ubs.com/md/pluswebverdown.cab
    O16 - DPF: {F822CC94-9D2F-4914-9CBB-8FBB9EDB1BF0} (PWAgent Class) - https://www.wm-mobile.ubs.com/md/pwagentclient.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O16 - DPF: {FF2B96CA-23B8-4B6F-8B90-873770F0D537} (PlusWebLocator Class) - https://www.ubspwmobile.com/md/plusweblocator.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: hdiceai - Unknown owner - C:\WINDOWS\system32\hdiceai.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
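
Comparing the HijackThis logs posted in #11, #13 and #14, as an added example that is not part of the original posts: the sketch below parses each log, diffs consecutive snapshots, and treats a `(file missing)` suffix as an orphaned registry entry rather than a new one. The log strings are excerpts trimmed from the posts above; `parse_log` and `diff_logs` are names made up for this example.

```python
import re

# Excerpts trimmed from the logs in posts #11, #13 and #14 (not the full logs).
LOG_11 = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:18:54 PM, on 4/8/2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hramebe.exe
C:\WINDOWS\system32\hribycb.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: SDWin32 Class - {28308351-8788-4C11-BE17-0D4E7A1977C9} - C:\WINDOWS\system32\sxful.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\system32\guarnset.exe
O23 - Service: hdiceai - Unknown owner - C:\WINDOWS\system32\hdiceai.exe
"""

LOG_13 = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:07:00 PM, on 4/9/2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

O2 - BHO: SDWin32 Class - {28308351-8788-4C11-BE17-0D4E7A1977C9} - C:\WINDOWS\system32\sxful.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: hdiceai - Unknown owner - C:\WINDOWS\system32\hdiceai.exe
"""

LOG_14 = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:13:40 PM, on 4/9/2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: hdiceai - Unknown owner - C:\WINDOWS\system32\hdiceai.exe
"""

# Entry lines look like "O4 - HKLM\..\Run: [...]": a group code, " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
MISSING = " (file missing)"


def parse_log(text):
    """Return (set of running process paths, list of (group, body, file_missing))."""
    procs, entries = set(), []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            body = m.group(2)
            missing = body.endswith(MISSING)
            if missing:
                # Same registry entry as before; only the file on disk is gone.
                body = body[: -len(MISSING)]
            entries.append((m.group(1), body, missing))
        elif in_procs and line:
            # Windows paths are case-insensitive (System32 vs system32).
            procs.add(line.lower())
    return procs, entries


def diff_logs(before, after):
    """Summarise what changed between two HijackThis snapshots."""
    b_procs, b_entries = parse_log(before)
    a_procs, a_entries = parse_log(after)
    b_keys = {(g, body) for g, body, _ in b_entries}
    a_keys = {(g, body) for g, body, _ in a_entries}
    return {
        "processes_gone": sorted(b_procs - a_procs),
        "processes_new": sorted(a_procs - b_procs),
        "entries_gone": sorted(b_keys - a_keys),
        "entries_new": sorted(a_keys - b_keys),
        # File deleted, registry entry still present: needs a HijackThis "fix".
        "orphaned": sorted((g, body) for g, body, miss in a_entries if miss),
        # Present in both snapshots: not touched by the cleanup step.
        "unchanged": sorted(b_keys & a_keys),
    }


if __name__ == "__main__":
    for label, old, new in (("#11 -> #13", LOG_11, LOG_13), ("#13 -> #14", LOG_13, LOG_14)):
        print(label)
        for key, values in diff_logs(old, new).items():
            print(f"  {key}: {values}")
```

On these excerpts the `hdiceai` service shows up under `unchanged` in both comparisons, so deleting the files and fixing the BHO entry did not touch it.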

  5. #15
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Open a command prompt (Start > Run, type cmd, press Enter), then type
    sc delete hdiceai
    and press Enter. Type exit and press Enter to exit the command prompt.

    Install SpywareBlaster (By JavaCool): http://www.javacoolsoftware.com/spywareblaster.html

    Ewido
    Please download Ewido AntiMalware
    Install Ewido AntiMalware
    http://www.ewido.net/en/download/
    Launch Ewido, there should be an icon on your desktop, double-click it.
    The program will now open to the main screen.
    You will need to update Ewido to the latest definition files.
    On the left hand side of the main screen click update.
    Then click on Start Update.
    The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
    Note: Your firewall may say "Antimalware wants to access the internet" It may not say Ewido.

    If you are having problems with the updater, you can use this link to manually update Ewido.
    Ewido manual updates
    http://www.ewido.net/en/download/updates/

    When the trial runs out you can continue to use the program but without its resident protection.


    Click on scanner.
    Click on Complete System Scan and the scan will begin.
    If Ewido finds anything, it will pop up a notification. You can select "remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    Click Save report.
    Ewido automatically saves the report here on every scan:
    (default program installation folder)
    C:\Program Files\ewido\security suite\Reports

    Now close Ewido AntiMalware and post that report

  6. #16
    Junior Member
    Join Date
    Mar 2006
    Posts
    16

    Yes!!

    Lonny,
    I followed all of your instructions and have posted the Ewido report below. A quick run of spybot and hijackthis after reboot does not find the Feat2Installer anymore. Thank you so much for freeing my computer and putting it back to normal. You guys are the best! Here is the log in two posts:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 7:04:50 PM, 4/9/2006
    + Report-Checksum: 35C08F08

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    C:\!KillBox\hramebe.exe -> Trojan.Painwin.a : Cleaned with backup
    C:\!KillBox\hribycb.exe -> Trojan.Painwin.a : Cleaned with backup
    C:\!KillBox\sxful.dll -> Adware.Adstart : Cleaned with backup

  7. #17
    Junior Member
    Join Date
    Mar 2006
    Posts
    16

    ewido report cont.

    C:\Documents and Settings\John Hulcher\Local Settings\Temp\!update.exe -> Downloader.PurityScan.bx : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temp\bw2.com -> Adware.AdURL : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temp\C8F7.tmp/titno.exe -> Adware.MDH : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temp\F8B9.tmp/dgfgql.exe -> Adware.Suggestor : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temp\F8B9.tmp/u1um0id.exe -> Adware.Suggestor : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temp\i7.tmp -> Adware.SurfSide : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temp\iC.tmp -> Adware.SurfSide : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temp\mit16.tmp/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temp\mit16.tmp.cab/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temp\msin_installer1\gb.exe -> Downloader.Agent.wx : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temp\temp.frB41C -> Adware.Look2Me : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temporary Internet Files\Content.IE5\CB0NK9SX\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temporary Internet Files\Content.IE5\CB0NK9SX\AppWrap[2].exe -> Adware.AdURL : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temporary Internet Files\Content.IE5\CB0NK9SX\AppWrap[3].exe -> Adware.Zestyfind : Cleaned with backup
    C:\Documents and Settings\John Hulcher\Local Settings\Temporary Internet Files\Content.IE5\CB0NK9SX\AppWrap[4].exe -> Adware.AdURL : Cleaned with backup

  8. #18
    Junior Member
    Join Date
    Mar 2006
    Posts
    16

    and again

    C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\gimmygames11.exe -> Downloader.Adload.u : Cleaned with backup
    C:\hijackthis\backups\backup-20060408-171247-915.dll -> Adware.Adstart : Cleaned with backup
    C:\hijackthis\backups\backup-20060408-173441-113.dll -> Adware.Adstart : Cleaned with backup
    C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
    C:\Program Files\Jalmp\uninstall.exe -> Adware.Suggestor : Cleaned with backup
    C:\WINDOWS\7020.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
    C:\WINDOWS\dlgb.exe -> Trojan.Imiserv.c : Cleaned with backup
    C:\WINDOWS\eee2.exe -> Adware.MediaMotor : Cleaned with backup
    C:\WINDOWS\gimmygames11.exe -> Downloader.Adload.u : Cleaned with backup
    C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
    C:\WINDOWS\letn.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
    C:\WINDOWS\mynexus.exe -> Trojan.Imiserv.c : Cleaned with backup
    C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINDOWS\Sm9obiBIdWxjaGVy\asappsrv.dll -> Adware.CommAd : Cleaned with backup
    C:\WINDOWS\Sm9obiBIdWxjaGVy\command.exe -> Adware.CommAd : Cleaned with backup
    C:\WINDOWS\SYSTEM32\adsetup.exe -> Dropper.Agent.abb : Cleaned with backup
    C:\WINDOWS\SYSTEM32\hdacyfa.vxd -> Trojan.Painwin.a : Cleaned with backup
    C:\WINDOWS\SYSTEM32\hdiceai.exe -> Trojan.Painwin.a : Cleaned with backup
    C:\WINDOWS\SYSTEM32\jcmkd.dll -> Adware.Adstart : Cleaned with backup
    C:\WINDOWS\SYSTEM32\jcmkdc.exe -> Adware.Adstart : Cleaned with backup
    C:\WINDOWS\SYSTEM32\jcmkdd.exe -> Adware.Adstart : Cleaned with backup
    C:\WINDOWS\SYSTEM32\jcmkdf.exe -> Adware.Adstart : Cleaned with backup
    C:\WINDOWS\SYSTEM32\qsdsregp.exe -> Adware.ZenoSearch : Cleaned with backup
    C:\WINDOWS\SYSTEM32\sxfulc.exe -> Adware.Adstart : Cleaned with backup
    C:\WINDOWS\SYSTEM32\sxfuld.exe -> Adware.Adstart : Cleaned with backup
    C:\WINDOWS\SYSTEM32\sxfulf.exe -> Adware.Adstart : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ttbitt.exe -> Adware.Suggestor : Cleaned with backup
    C:\WINDOWS\SYSTEM32\u1um0id.exe -> Adware.Suggestor : Cleaned with backup
    C:\WINDOWS\SYSTEM32\unpack.exe -> Trojan.Painwin.a : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ѕеcurity\rundll32.exe -> Downloader.PurityScan.bx : Cleaned with backup
    C:\WINDOWS\Temp\bw2.com -> Adware.AdURL : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\john hulcher@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\john hulcher@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
    C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
    C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup


    ::Report End

  9. #19
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    That's good to hear.

    Keep an eye out for these two in Ewido scans over the next few days
    C:\WINDOWS\system32\hramebe.exe
    C:\WINDOWS\system32\hribycb.exe
    and let me know if they return.
    Is this line gone in a hijackthis log?
    O23 - Service: hdiceai - Unknown owner - C:\WINDOWS\system32\hdiceai.exe

    Delete these two folders
    C:\WINDOWS\Sm9obiBIdWxjaGVy
    C:\Program Files\Jalmp
    Also delete the l2mfix folder/l2mfix.exe; if ever needed again it will probably have been updated.

    If your PC is running Ok now flush out the old system restore points
    Purge System Restore
    Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Then Reboot. < Don't skip that step.
    Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check Turn off System Restore.
    Click Apply, and then click OK.
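
The re-check requested in the post above (are hramebe.exe and hribycb.exe back, is the O23 hdiceai service line gone) can be scripted over saved HijackThis and Ewido logs. This is an added example, not part of the original thread; the function names and sample excerpts are constructed here from lines quoted in the thread, and the detection name in the Ewido sample is a placeholder.

```python
import re

# Items the helper asked to watch for, copied from the post above (lowercased).
WATCH_FILES = {r"c:\windows\system32\hramebe.exe",
               r"c:\windows\system32\hribycb.exe"}
WATCH_SERVICES = {"hdiceai"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # "O23 - Service: ..."
SERVICE_RE = re.compile(r"^Service: (.+?) - ")       # service name up to first " - "
EWIDO_RE = re.compile(r"^(.+?) -> (\S+) : ")         # "path -> Detection : action"

def parse_hijackthis(text):
    """Return (running process paths, [(code, rest)]) from a HijackThis log."""
    processes, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:" or not line:
            in_procs = bool(line)            # header opens the list, blank line closes it
        elif in_procs:
            processes.add(line.lower())      # Windows paths are case-insensitive
        elif (m := ENTRY_RE.match(line)):
            entries.append((m.group(1), m.group(2)))
    return processes, entries

def returned_items(hjt_text, ewido_text=""):
    """List every watched file or service that shows up in either log."""
    processes, entries = parse_hijackthis(hjt_text)
    hits = [f"running: {p}" for p in sorted(WATCH_FILES & processes)]
    for code, rest in entries:
        m = SERVICE_RE.match(rest)
        if code == "O23" and m and m.group(1).lower() in WATCH_SERVICES:
            hits.append(f"service: {m.group(1)}")
    for line in ewido_text.splitlines():
        m = EWIDO_RE.match(line.strip())
        if m and m.group(1).lower() in WATCH_FILES:
            hits.append(f"ewido: {m.group(1)} ({m.group(2)})")
    return hits

# Constructed samples, built from lines quoted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\system32\hramebe.exe
C:\WINDOWS\system32\hribycb.exe

O23 - Service: hdiceai - Unknown owner - C:\WINDOWS\system32\hdiceai.exe"""
AFTER = r"""Running processes:
C:\WINDOWS\system32\cisvc.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe"""
EWIDO = r"C:\WINDOWS\system32\hramebe.exe -> Constructed.Sample : Cleaned with backup"

print(returned_items(BEFORE), returned_items(AFTER, EWIDO))
```

An empty list from `returned_items` means none of the watched items appear in the logs supplied.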

  10. #20
    Junior Member
    Join Date
    Mar 2006
    Posts
    16

    Sorry!

    Hello! Sorry about the delay in getting back to you. I have completed your instructions.

    Upon running hijackthis, I did not find the O23 hdiceai item you refer to (yeah!). I did find and delete the two folders (though I had to turn on view hidden files to find one of them). I also deleted the l2mfix, as well as flushed the system restore. I will continue to check ewido scans for those files and let you know if they return. I can't thank you enough for all of your help. You have gone above and beyond. Please advise if I need to do anything else. Here is a recent hijackthis log for your final review.
    Thanks!!

    Logfile of HijackThis v1.99.1
    Scan saved at 8:33:36 PM, on 4/13/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.apple.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
    O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
    O16 - DPF: Helper - https://www.ubspwmobile.com/CWM/helper.cab
    O16 - DPF: Java Mainframe Display (MFD) - https://www.wm-mobile.ubs.com/W2H/w2h/applet/wdmfd.cab
    O16 - DPF: PCGMC Client - https://www.wm-mobile.ubs.com/PCGMC/PCGMCClient.CAB
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {10DB6D21-8915-11D2-8E3A-006008D1E01C} (Reuters Plus - Web 1.6.1.12) - https://www.ubspwmobile.com/md/jnavigator.cab
    O16 - DPF: {138A4B11-6BBA-4EF3-B333-0515F67729DB} (Reuters PlusWeb Agent Java Classes - 1.6.0.33) - https://www.wm-mobile.ubs.com/md/pluswebagentjava.cab
    O16 - DPF: {18D29F69-AD28-450E-8EC4-AD3F8632D4FE} (qqagent Class) - https://www.wm-mobile.ubs.com/md/pluswebagent.cab
    O16 - DPF: {24F7A9CC-4EEB-49A7-8592-95E66A7C24A8} (Java ScrollingHeadlines Widget - 1.0.1.8) - https://www.wm-mobile.ubs.com/md/cla...ava/shdown.cab
    O16 - DPF: {2FCFDAB1-F134-11D2-97C6-00104B659322} (Java Monitor - 1.0.3.11) - https://www.wm-mobile.ubs.com/md/cla...nclassdown.cab
    O16 - DPF: {3005838E-2A00-11D2-B701-006008D1E01C} (webctl Class) - https://www.ubspwmobile.com/md/Navigator.cab
    O16 - DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} (Reuters PlusWeb Excel Macro 1,5,0,9) - https://www.ubspwmobile.com/md/plugi...obil/excel.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093137400467
    O16 - DPF: {766190C9-CF9B-11D5-92EA-00805FC7E991} (Java MarketAtGlance - 1.0.0.9) - https://www.wm-mobile.ubs.com/md/cla...yncompdown.cab
    O16 - DPF: {77E94DB3-EF12-40BE-9AC5-96E2A140900E} (Java jExit - 1.0.0.4) - https://www.ubspwmobile.com/md/jexitdown.cab
    O16 - DPF: {7B70A888-E8AC-4757-B454-766DA6B0B761} (Reuters PlusWeb Excel PreCheck 1,5,0,1) - https://www.ubspwmobile.com/md/plugi...l/precheck.cab
    O16 - DPF: {89F7D494-DA30-4207-9318-49D6E60BD805} (Reuters Webchart Class) - https://www.wm-mobile.ubs.com/md/webchart.cab
    O16 - DPF: {93972343-C012-11D4-A8E1-0060976A74AE} (Java Quote Widget - 1.1.6.11) - https://www.wm-mobile.ubs.com/md/cla...jquotedown.cab
    O16 - DPF: {B5C6E4C0-F9DB-11D2-B126-00104B0EB7AE} (Java Dialogs - 1.6.1.6) - https://www.wm-mobile.ubs.com/md/cla...ialogsdown.cab
    O16 - DPF: {C0966447-1276-46EF-A5BB-1D5BCB6E8935} (PWSweep Class) - https://www.ubspwmobile.com/CWM/pluswebsweeper.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D439B6E0-1838-11D2-A461-00A0C968EE5F} (Java QQagent - 1.0.6.05) - https://www.wm-mobile.ubs.com/md/cla...qagentdown.cab
    O16 - DPF: {E041DA00-21AF-11D2-A465-00A0C968EE5F} (Java MLSOFT package) - https://www.ubspwmobile.com/md/class...mlsoftdown.cab
    O16 - DPF: {F436C877-B085-4871-BADD-D23A6E630581} (Reuters PlusWeb Versions - 1,6,0,22) - https://www.wm-mobile.ubs.com/md/pluswebverdown.cab
    O16 - DPF: {F822CC94-9D2F-4914-9CBB-8FBB9EDB1BF0} (PWAgent Class) - https://www.wm-mobile.ubs.com/md/pwagentclient.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O16 - DPF: {FF2B96CA-23B8-4B6F-8B90-873770F0D537} (PlusWebLocator Class) - https://www.ubspwmobile.com/md/plusweblocator.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
