WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Pop ups! and Sloooow Computer

Started by RLMoeller , Mar 20 2006 03:21 PM

This topic is locked

16 replies to this topic

#1 RLMoeller

New Member

New Member
8 posts

Posted 20 March 2006 - 03:21 PM

Please Help!

My computer has been attacked by something that is causing so many pop-ups that I can't do anything at all, and it is so slow that I can't even check my e-mail.

Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:15:42 PM, on 3/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Samboshi\APPLIC~1\SMBOLS~1\arpa.exe
C:\Documents and Settings\Samboshi\My Documents\s?stem32\s?anregw.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Samboshi\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jexed.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,taeinbg.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {037D2D4A-9FF4-B057-A560-EC1C86E5BB9E} - C:\WINDOWS\system32\yibfyzdf.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsr60.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmuypo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Yvakt Class - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - C:\WINDOWS\system32\ejrwx8drl.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsd8.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [Snbu] "C:\DOCUME~1\Samboshi\APPLIC~1\SMBOLS~1\arpa.exe" -vt tzt
O4 - HKCU\..\Run: [Ofy] C:\Documents and Settings\Samboshi\My Documents\s?stem32\s?anregw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm429YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102272181956
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://www.talkingbu...uddyinstall.exe
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...8.39/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O18 - Filter: text/html - {0FA7FD6B-47C3-425B-AE30-36383F1C4503} - C:\WINDOWS\system32\ejrwx8drl.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Advertisements

Register to Remove

#2 illukka

Retired Staff-Malware Expert

Authentic Member
834 posts

Posted 23 March 2006 - 06:46 AM

hi if you still need help post a fresh hijackthis log here using add reply i will take a look at it

To Ride, Shoot Straight And Speak TheTruth

#3 RLMoeller

New Member

New Member
8 posts

Posted 24 March 2006 - 09:07 PM

Yes, I still need help. When I first go on the internet, it's not too bad but the longer I stay online the slower and slower it gets. Maybe this info will help? Thanks for anything you can do!

Logfile of HijackThis v1.99.1
Scan saved at 6:49:40 PM, on 3/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Samboshi\APPLIC~1\SMBOLS~1\arpa.exe
C:\Documents and Settings\Samboshi\My Documents\s?stem32\s?anregw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Samboshi\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jexed.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,taeinbg.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {037D2D4A-9FF4-B057-A560-EC1C86E5BB9E} - C:\WINDOWS\system32\yibfyzdf.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - (no file)
O2 - BHO: (no name) - {70F6A776-579A-4C95-BA88-134253907752} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Yvakt Class - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - C:\WINDOWS\system32\ejrwx8drl.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsd8.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [Snbu] "C:\DOCUME~1\Samboshi\APPLIC~1\SMBOLS~1\arpa.exe" -vt tzt
O4 - HKCU\..\Run: [Ofy] C:\Documents and Settings\Samboshi\My Documents\s?stem32\s?anregw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm429YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102272181956
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://www.talkingbu...uddyinstall.exe
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...8.39/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O18 - Filter: text/html - {0FA7FD6B-47C3-425B-AE30-36383F1C4503} - C:\WINDOWS\system32\ejrwx8drl.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#4 illukka

Retired Staff-Malware Expert

Authentic Member
834 posts

Posted 25 March 2006 - 02:00 PM

hi

Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

To Ride, Shoot Straight And Speak TheTruth

#5 RLMoeller

New Member

New Member
8 posts

Posted 27 March 2006 - 06:12 PM

Perhaps, somehow I've been healed? When I did the blacklight thing it said I had no hidden stuff. Is that good? Here's the log: 03/27/06 16:02:40 [Info]: BlackLight Engine 1.0.33 initialized 03/27/06 16:02:40 [Info]: OS: 5.1 build 2600 (Service Pack 2) 03/27/06 16:02:41 [Note]: 7019 4 03/27/06 16:02:41 [Note]: 7005 0 03/27/06 16:02:46 [Note]: 7006 0 03/27/06 16:02:46 [Note]: 7011 728 03/27/06 16:02:47 [Note]: FSRAW library version 1.7.1015 03/27/06 16:03:38 [Note]: 7007 0 Thank you soooooo much for your time and trouble! P.S. Why doesn't this site have a "send" button---it took me so long to figure out how to post this!

#6 illukka

Retired Staff-Malware Expert

Authentic Member
834 posts

Posted 28 March 2006 - 08:09 AM

Perhaps, somehow I've been healed? When I did the blacklight thing it said I had no hidden stuff. Is that good?

thats very good

but still a little surprising
there should've been some..

Please download ewido anti malware it is a free version of the program.

Install ewido security suite
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

reboot your computer in SafeMode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

then launch ewido:

Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti malware.

reboot back to normal mode, post the ewido report and a log from a fresh hjt scan

To Ride, Shoot Straight And Speak TheTruth

#7 RLMoeller

New Member

New Member
8 posts

Posted 28 March 2006 - 06:46 PM

Hello! Here is the log report from ewido. Wow! It removed 365 "infections". Seemed like a lot to me. -------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 4:35:39 PM, 3/28/2006 + Report-Checksum: D5B095B8 + Scan result: HKU\S-1-5-21-583907252-1677128483-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01EB5130-FC0C-4D75-B9CE-4801B1B854F5} -> Adware.Begin2Search : Cleaned with backup HKU\S-1-5-21-583907252-1677128483-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup HKU\S-1-5-21-583907252-1677128483-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -> Adware.Begin2Search : Cleaned with backup C:\WINDOWS\SYSTEM32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup C:\WINDOWS\SYSTEM32\lwinnrag.exe -> Adware.ZenoSearch : Cleaned with backup C:\WINDOWS\SYSTEM32\irismon.dll -> Adware.SafeSurfing : Cleaned with backup C:\WINDOWS\SYSTEM32\irssyncd.exe -> Adware.SafeSurfing : Cleaned with backup C:\WINDOWS\SYSTEM32\qmdsregs.exe -> Adware.ZenoSearch : Cleaned with backup C:\WINDOWS\SYSTEM32\WinNB57.dll -> Adware.Mirar : Cleaned with backup C:\WINDOWS\SYSTEM32\WinATS.dll -> Adware.Mirar : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\WINDOWS\JUSTIN2.exe -> Adware.EZula : Cleaned with backup C:\WINDOWS\elitemediapop.exe -> Trojan.LowZones.am : Cleaned with backup C:\WINDOWS\pss\kcsbj.exeCommon Startup -> Downloader.Qoologic.bj : Cleaned with backup C:\WINDOWS\ZIFI002.exe -> Adware.ZenoSearch : Cleaned with backup C:\WINDOWS\bu7dyo4f.exe -> Downloader.Small.afi : Cleaned with backup C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup C:\Documents and Settings\Samboshi\Local Settings\Temp\Cookies\samboshi@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Samboshi\Local Settings\Temp\F7B82.tmp/slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup C:\Documents and Settings\Samboshi\Local Settings\Temp\F7B82.tmp/ny8jr.exe -> Trojan.Runner.h : Cleaned with backup C:\Documents and Settings\Samboshi\Local Settings\Temp\mndcntas.tmp -> Adware.SafeSurfing : Cleaned with backup C:\Documents and Settings\Samboshi\Local Settings\Temporary Internet Files\Content.IE5\HOTYCSWO\ErrorSafeFreeInstall[1].cab/UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@com[2].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjkooocpgep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnygmazsbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjny-1pdzeb.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfl4gid5sgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfkownc5gep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnycpcjolp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjny-1mdpec.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www5.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@ezgreets.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyandpoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjmigld5gep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjlycndpmdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjmygjcjsdo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfkiulc5kkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnychd5mgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjny-1majag.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjmikmajgco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyuldpalp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wgkyojc5iap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjmyeidzgdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjliugc5seq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfliqpd5ghp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjmiqhc5slp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfl4qjdpilp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjkokicpibq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfl4qidzmbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjl4elc5ilq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfligjdjwfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfl4eoajmkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfkiqkcpsdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjmiagd5sgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www4.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@oneeconomy.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjlokicpmho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfkykiazohp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfliondzmho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjny-1jcpmd.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjkygndzgdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjlyqkcjalo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnywgdpaho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wflykidpmkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@adopt.specificclick[3].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjmyqiajgdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyenc5ohp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfl4whcpgao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjmickc5mdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfkoekazmcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjny-1sdjgk.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjlyohdpcbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@login.tracking101[3].txt -> TrackingCookie.Tracking101 : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnychazwlogwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyuncjodpqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyopdpaaoaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyohdzikpwmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wflochcjsaoa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyagdjiapgudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4alazedqamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkosoajgfpwsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyaidpohpamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4akdpedowsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@a-1shz2prbmdj6wvny-1sez2pra2dj6wjkoskc5ihpq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlieid5klpgwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyggcjchpa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkoqjcjelpwmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyujdjidoq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyagazsepamdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloskd5ekpqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfkywjdzslo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjlownazoco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjkyomdjwap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjkyakajkeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjkokhdzgeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyqid5wkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyamd5ado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfmicodzshp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjliohdzmko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoqoazaaoawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4oic5geoqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www2.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4qncpkhpwydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyenazscoaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyepajelo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfkiokcjakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyohazahq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnywkd5gko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4ekazafpqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyskdjokp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnywodpwao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjk4qmdzwkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjkognazecp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjl4aicpcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyupajmep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkysicpkfpw6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www3.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyojcjacq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wgkyegczcco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@banner.paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjkyuidjwbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnysgajgdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjny-1lajgg.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfkywocjwko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjny-1ldzoh.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjk4wmajoao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wflokpdzmkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjkoenczedo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyomc5cbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnywodpwao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjlywpcpaeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@imgserv.adbutler[1].txt -> TrackingCookie.Adbutler : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyqndjeao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@reciperewards.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjnyqncjiho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjk4kjcpwlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjliqhdjigq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjlocicjghp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjmyeocjkbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjloqidzoko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfkyslc5mgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wjkosoazafo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@e-2dj6wfkoooczccp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@sales.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@aavalue[3].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@www6.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@clubmom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Samboshi\Cookies\samboshi@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup :mozilla.14:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.15:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.30:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.31:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.32:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.33:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.34:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.35:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.36:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.43:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.44:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.49:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.50:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.51:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.52:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.53:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.54:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.55:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup :mozilla.56:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup :mozilla.58:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.59:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.60:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.61:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.62:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.63:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.69:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.70:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.76:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.77:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.78:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.79:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.89:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.140:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.141:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.142:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.143:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.144:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.145:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.146:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.147:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.148:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.149:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.150:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.151:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.152:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.153:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.154:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.155:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.162:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.163:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.164:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.165:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.166:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.167:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.168:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.169:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.170:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.171:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.172:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.177:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.178:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.179:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.180:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.186:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup :mozilla.194:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.211:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.213:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.214:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.216:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.221:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.222:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.223:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.224:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.225:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.233:C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup C:\Documents and Settings\Ryan\Cookies\ryan@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup C:\Documents and Settings\Ryan\Cookies\ryan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Ryan\Cookies\ryan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Ryan\Cookies\ryan@www2.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup :mozilla.16:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.22:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.31:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.32:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.33:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.34:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.35:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.38:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.39:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.40:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.41:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.42:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.43:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.44:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.47:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.48:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.49:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.50:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.51:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.52:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.53:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.54:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.55:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.56:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.57:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.62:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.75:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.76:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.79:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.81:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.82:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.83:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.84:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.85:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.86:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.87:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.96:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.98:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.104:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.105:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.106:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.108:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.109:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.110:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup :mozilla.111:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.112:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.117:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.119:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.120:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.136:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.137:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.138:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.139:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup :mozilla.140:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.144:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.145:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup :mozilla.146:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup :mozilla.154:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.165:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.191:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.198:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.199:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.202:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.209:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.210:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.213:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.215:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.216:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.217:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.218:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.219:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.220:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.221:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.222:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.223:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.234:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.237:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.245:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.249:C

#8 illukka

Retired Staff-Malware Expert

Authentic Member
834 posts

Posted 29 March 2006 - 10:59 AM

hi i am not sure if you posted the whole report( it should read "report end" in the end

) can you post it another time, edit out the cookie detections, and leave only the detected files and registry entries also post a new hiajckthis log

To Ride, Shoot Straight And Speak TheTruth

#9 RLMoeller

New Member

New Member
8 posts

Posted 29 March 2006 - 03:22 PM

Thanks sooooo much for all your help!

Here is the latest hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 1:14:24 PM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Samboshi\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,taeinbg.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - (no file)
O2 - BHO: (no name) - {70F6A776-579A-4C95-BA88-134253907752} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - blank (file missing)
O2 - BHO: Yvakt Class - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - blank (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\wakqcr.exe reg_run
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm429YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - blank (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - blank (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102272181956
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://www.talkingbu...uddyinstall.exe
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O18 - Filter: text/html - {0FA7FD6B-47C3-425B-AE30-36383F1C4503} - blank
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

And here is the cookie-free log from ewido:

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:35:39 PM, 3/28/2006
+ Report-Checksum: D5B095B8

+ Scan result:

HKU\S-1-5-21-583907252-1677128483-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01EB5130-FC0C-4D75-B9CE-4801B1B854F5} -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-583907252-1677128483-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-583907252-1677128483-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -> Adware.Begin2Search : Cleaned with backup
C:\WINDOWS\SYSTEM32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\lwinnrag.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\irismon.dll -> Adware.SafeSurfing : Cleaned with backup
C:\WINDOWS\SYSTEM32\irssyncd.exe -> Adware.SafeSurfing : Cleaned with backup
C:\WINDOWS\SYSTEM32\qmdsregs.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\WinNB57.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\SYSTEM32\WinATS.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\JUSTIN2.exe -> Adware.EZula : Cleaned with backup
C:\WINDOWS\elitemediapop.exe -> Trojan.LowZones.am : Cleaned with backup
C:\WINDOWS\pss\kcsbj.exeCommon Startup -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\ZIFI002.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\bu7dyo4f.exe -> Downloader.Small.afi : Cleaned with backup
C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup
C:\Documents and Settings\Samboshi\Local Settings\Temp\Cookies\samboshi@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Samboshi\Local Settings\Temp\F7B82.tmp/slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Samboshi\Local Settings\Temp\F7B82.tmp/ny8jr.exe -> Trojan.Runner.h : Cleaned with backup
C:\Documents and Settings\Samboshi\Local Settings\Temp\mndcntas.tmp -> Adware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Samboshi\Local Settings\Temporary Internet Files\Content.IE5\HOTYCSWO\ErrorSafeFreeInstall[1].cab/UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
click[1].txt -> TrackingCookie.Goclick : Cleaned with backup

C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP708\A0060426.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP708\A0060427.exe -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP713\A0060713.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP713\A0060745.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP713\A0060746.exe -> Trojan.Runner.h : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP713\A0060826.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP716\A0061260.EXE -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP716\A0061336.DLL -> Downloader.Agent.agw : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP716\A0061341.EXE -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP716\A0061342.EXE -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP716\A0061343.EXE -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP716\A0061344.DLL -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP716\A0061346.EXE -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP716\A0061412.dll -> Adware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP707\A0058130.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{72189C7C-BA1A-443A-8726-3A2F61621DA6}\RP707\A0058131.dll -> Adware.EZula : Cleaned with backup

::Report End

#10 illukka

Retired Staff-Malware Expert

Authentic Member
834 posts

Posted 29 March 2006 - 03:51 PM

hi

open hijackthis
click do a system scan only
checkmark these lines:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,taeinbg.exe
O2 - BHO: (no name) - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - (no file)
O2 - BHO: (no name) - {70F6A776-579A-4C95-BA88-134253907752} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - blank (file missing)
O2 - BHO: Yvakt Class - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - blank (file missing)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\wakqcr.exe reg_run
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm429YYUS
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - blank (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - blank (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://www.talkingbu...uddyinstall.exe
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O18 - Filter: text/html - {0FA7FD6B-47C3-425B-AE30-36383F1C4503} - blank

then close all other programs, including browsers and explorer windows, leaving only hijackthis running
and click fix checked

reboot

post a new log

To Ride, Shoot Straight And Speak TheTruth

Advertisements

Register to Remove

#11 RLMoeller

New Member

New Member
8 posts

Posted 29 March 2006 - 05:25 PM

Hello--Followed your directions (and recognized a couple of nasties--"Talking Buddy"!) so THANK YOU!
Here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 3:16:32 PM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Samboshi\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102272181956
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#12 illukka

Retired Staff-Malware Expert

Authentic Member
834 posts

Posted 30 March 2006 - 11:49 AM

hi

wow the log looks good..

lets make sure that there are ho hidden files there:

go to Panda ActiveScan

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log

Let us know if any problems persist.

To Ride, Shoot Straight And Speak TheTruth

#13 RLMoeller

New Member

New Member
8 posts

Posted 30 March 2006 - 06:18 PM

Good afternoon! Have done Pandaware as you suggested and it found 48 spyware items and 1 hijacking item. Interesting. Thank you again and again for all your time and attention. I sure do appreciate it! Here's the two logs:
Logfile of HijackThis v1.99.1
Scan saved at 4:05:26 PM, on 3/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Samboshi\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102272181956
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

THE PANDAWARE SCAN:

Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Samboshi\Local Settings\Temp\Cookies\samboshi@atwola[2].txt
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\Samboshi\Desktop\hijackthis\backups\backup-20060329-151518-597.inf
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@atwola[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@ads.pointroll[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@atwola[4].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@doubleclick[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@atdmt[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@questionmarket[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@go[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@atwola[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@2o7[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@mediaplex[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@serving-sys[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@888[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@advertising[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@statse.webtrendslive[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@perf.overture[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@dist.belnk[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@errorsafe[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@banner[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@banner[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@ct.360i[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@atwola[5].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@go[3].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@target[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@webpower[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@did-it[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@rightmedia[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@dist.belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@belnk[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@winfixer[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@www.errorsafe[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@ct.360i[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@ath.belnk[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@www48.seeq[1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@www47.buydomains[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@azjmp[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@entrepreneur[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@target[1].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@www.advnt01[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@adopt.hbmediapro[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@888[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@cassava[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Samboshi\Cookies\samboshi@go[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Samboshi\Application Data\Mozilla\Firefox\Profiles\7x6srz8f.default\cookies.txt[]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@dist.belnk[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uj395eky.default\cookies.txt[]

#14 illukka

Retired Staff-Malware Expert

Authentic Member
834 posts

Posted 31 March 2006 - 01:43 PM

hi looks good, only cookies and a hijackthis backup

are there still problems ?

To Ride, Shoot Straight And Speak TheTruth

#15 RLMoeller

New Member

New Member
8 posts

Posted 31 March 2006 - 04:32 PM

No--I haven't had a pop-up in a few days. Thank you SO MUCH, it's wonderful what you do for free. THANK YOU!

Body Background

skin color theme