
Working on a friend's box


  • This topic is locked
20 replies to this topic

#1 rborz

Posted 10 June 2006 - 09:53 PM

Good Evening,

Working on a friend's infected box. Machine was running slow and McAfee was flagging many 'PUPs' - cute name - NOT. Ran Spybot, ewido and HJT (LOGS below). Many gone but at least one (trelew) still remains. Next steps?

Many thanks.
R

PS: You guys were such a help a year ago in a prior pickle, thought I would return. ;)

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:31:22 PM, 6/10/2006
+ Report-Checksum: 5F9F203E
Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@gettyimages.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@homestore.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@www.belstat[2].txt -> TrackingCookie.Belstat : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\A K\Cookies\A 
K@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup C:\Documents and Settings\A K\Cookies\A K@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A 
K@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temp\Cookies\A K@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\A K\Local Settings\Temporary Internet Files\Content.IE5\I5JCL8JA\AppWrap[1].exe -> Adware.Zestyfind : Cleaned with backup :mozilla.13:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.14:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.15:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.16:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.17:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.18:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.19:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.20:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.21:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.22:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup 
:mozilla.23:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.24:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.25:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.26:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.27:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.28:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.29:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.30:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.31:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.32:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.33:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.34:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup 
:mozilla.35:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.36:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.37:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.38:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.39:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.40:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.41:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.42:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.43:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.44:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.48:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.49:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.50:C:\Documents 
and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.51:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.52:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.53:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.67:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.68:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.69:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup :mozilla.70:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.72:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.84:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.85:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.87:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.97:C:\Documents and Settings\F K\Application 
Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup :mozilla.101:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup :mozilla.107:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup :mozilla.108:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.109:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.110:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.111:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.112:C:\Documents and Settings\F K\Application Data\Mozilla\Firefox\Profiles\trintndi.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\F K\Cookies\F K@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\F K\Cookies\F K@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\F K\Cookies\F K@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\F K\Cookies\F K@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\F K\Cookies\F K@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup :mozilla.6:C:\Documents and Settings\M K\Application Data\Mozilla\Firefox\Profiles\28gd5xll.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.7:C:\Documents and Settings\M 
K\Application Data\Mozilla\Firefox\Profiles\28gd5xll.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.8:C:\Documents and Settings\M K\Application Data\Mozilla\Firefox\Profiles\28gd5xll.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.9:C:\Documents and Settings\M K\Application Data\Mozilla\Firefox\Profiles\28gd5xll.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.10:C:\Documents and Settings\M K\Application Data\Mozilla\Firefox\Profiles\28gd5xll.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.11:C:\Documents and Settings\M K\Application Data\Mozilla\Firefox\Profiles\28gd5xll.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.12:C:\Documents and



#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 16 June 2006 - 11:31 AM

rborz :D I need an HJT log, please.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Just a reminder that threads will be closed if no reply in 3 days.

#3 rborz


Posted 16 June 2006 - 12:53 PM

Sorry about that -- added the ewido and HJT and one must have been cut off.

Thanks


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 11:38:02 PM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\userinit.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\defender25.exe
C:\WINDOWS\oypxukaA.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\PECarlin\PECarlin.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\tmp\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O4 - HKLM\..\Run: [oypxukaA] C:\WINDOWS\oypxukaA.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\m6640gjqe6oe0.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe
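
An added example, not part of the thread or the forum's own tooling: a small triage pass over HijackThis log lines like the ones above. The three rules (orphaned registrations, autostarts launched from a drive or Windows root, system file names outside system32) and the C:\WINDOWS layout are assumptions of this example; the sample lines are an excerpt of the posted log.

```python
import ntpath
import re
from collections import namedtuple

# Excerpt copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O4 - HKLM\..\Run: [oypxukaA] C:\WINDOWS\oypxukaA.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\m6640gjqe6oe0.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe
"""

# A HijackThis entry starts with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path ending in .exe or .dll inside the entry body.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.I)

# Assumptions of this example: Windows lives in C:\WINDOWS (as in the log),
# and these core binaries are expected only in system32.
SYSTEM32 = r"c:\windows\system32"
ROOT_DIRS = {"c:\\", r"c:\windows"}
SYSTEM32_ONLY = {"userinit.exe", "svchost.exe", "lsass.exe",
                 "services.exe", "winlogon.exe", "smss.exe"}

Finding = namedtuple("Finding", "code path reasons")


def triage(log_text):
    """Return entries that match at least one review rule, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines and the running-process list
        code, body = m.groups()
        reasons = []

        # Rule 1: the registration points at a file that is no longer there.
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("orphaned")
        # Context flag: HijackThis could not name a vendor for the service.
        if code == "O23" and "Unknown owner" in body:
            reasons.append("unknown-owner")

        pm = PATH_RE.search(body)
        # normpath collapses the doubled backslash seen in C:\\defender25.exe
        path = ntpath.normpath(pm.group(0)).lower() if pm else None
        if path:
            folder, name = ntpath.split(path)
            # Rule 2: autostart binary sitting directly in C:\ or C:\WINDOWS.
            if code == "O4" and folder in ROOT_DIRS:
                reasons.append("autostart-in-root")
            # Rule 3: core system file name used outside system32.
            if name in SYSTEM32_ONLY and folder != SYSTEM32:
                reasons.append("system-name-wrong-dir")

        if reasons:
            findings.append(Finding(code, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, f.path or "(no path)", ", ".join(f.reasons))
```

The output is a review order, not a verdict: ssn6tuu.exe in system32 matches none of the rules, while the Kodak service is flagged only because its file is missing.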

#4 ken545


Posted 16 June 2006 - 01:13 PM

rborz,

You have a few things going on that we need to address, but first you need to move HJT out of the temp directory or we can lose the backups of the changes we are going to make.



DO THIS FIRST
Your HIJACKTHIS program is current, but it is very important that it resides in its own folder.
We will use Hijackthis (HJT) to make changes to your system and HJT will make backups of those changes.
If HJT is not in its own folder, those backups could be lost.

Easy to fix:
* Just go to My Computer > YOUR C:\ DRIVE > Program Files and create a new folder and name it Hijackthis.
* Now scroll to where you have HJT currently, right click on the HJT icon and select CUT.
* Now open the new folder you just created and right click within that folder and select PASTE.
* Now HJT should reside in C:\Program Files\Hijackthis\Hijackthis.exe

Please do not proceed until you have moved HJT


I am looking at your log and will be back early this evening

 
 

#5 rborz


Posted 16 June 2006 - 01:25 PM

Thanks. It was in its own folder in C:\tmp\hijackthis\HijackThis.exe, but I moved it anyway. Look forward to hearing from you later! Thanks R

#6 ken545


Posted 16 June 2006 - 04:29 PM

rborz, :D

We have a few things to do. You may want to print this out or copy and paste it into Notepad to have it handy, as we will be offline for part of the fix.


C:\tmp\hijackthis\HijackThis.exe <-- This looked like a temp folder unless it's a folder that you named.



* Go to Start> Run and type in services.msc then press Enter
* Scroll down to Userinit Logon Verification
* Double Click that service to open it.
* Click on Stop Service.
* Then change the Startup Type to Disabled.
* OK your way out of the program.

Open HJT > Misc Tools > Delete an NT Service
* Type in UsrInitVerif
* Then click on OK, it will ask you to reboot, do so.


Open HJT Scan Only, close your browser and all open windows, check these items and click on Fix Checked.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O4 - HKLM\..\Run: [oypxukaA] C:\WINDOWS\oypxukaA.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML


O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll

O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\m6640gjqe6oe0.dll (file missing)

O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe





Download Pocket Killbox to your desktop, unzip it to a folder that you can find.


* Highlight all the files at once with the complete path in the quote and press Ctrl C on your keyboard.

C:\defender25.exe
C:\WINDOWS\oypxukaA.exe
C:\WINDOWS\system32\m6640gjqe6oe0.dll
C:\WINDOWS\system32\ssn6tuu.exe
C:\WINDOWS\system32\x3cqp0.dll
C:\Program Files\PECarlin



* Open Pocket Killbox
* Go to File > Paste from clipboard
* Set it to Delete on Reboot
* Tick the box that says End Explorer shell while killing file
* If it's not greyed out, click the radio button that says Unregister .dll before deleting.
* Make sure ALL Files is selected
* Click on the Red circle with the white X
* It will ask you to confirm the deletion...Say yes
* It will ask you to reboot, say yes





Download and Install CCleaner
* Click on Run Cleaner
Tutorial for CCleaner



Post back with a New HJT log please

 
 

#7 rborz

rborz

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 17 June 2006 - 06:12 AM

Ken545,

O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe
was not present when I ran the HJT scan, which seems to make sense. Here is the latest log.

Thanks

R

PS: Please note that I have the box offline as we clean - let me know when it may be safe to reconnect to the network.


Logfile of HijackThis v1.99.1
Scan saved at 8:04:09 AM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
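A way to check the outcome of a HijackThis fix pass, as an added example that is not part of the original thread: it parses the fix list from post #6, confirms none of those entries remain in the 17 June log above, then runs the same check on an excerpt of the 19 June log posted later in the thread. The function names are this example's own, and the two log excerpts are shortened copies of the thread's logs.

```python
import re

# A HijackThis 1.99.1 entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Entries ticked for "Fix Checked" in post #6 (copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O4 - HKLM\..\Run: [oypxukaA] C:\WINDOWS\oypxukaA.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\m6640gjqe6oe0.dll (file missing)
O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe
"""

# Files queued in Pocket Killbox in post #6.
KILLBOX_PATHS = [
    r"C:\defender25.exe",
    r"C:\WINDOWS\oypxukaA.exe",
    r"C:\WINDOWS\system32\m6640gjqe6oe0.dll",
    r"C:\WINDOWS\system32\ssn6tuu.exe",
    r"C:\WINDOWS\system32\x3cqp0.dll",
    r"C:\Program Files\PECarlin",
]

# Shortened excerpt of the 17 June log (post #7).
LOG_17_JUNE = r"""
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Shortened excerpt of the 19 June log (posted later in the thread).
LOG_19_JUNE = r"""
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
"""


def normalize(text):
    """Make two renderings of the same entry or path compare equal."""
    text = text.lower().replace('"', "")        # Windows paths are case-insensitive
    text = re.sub(r"\\{2,}", r"\\", text)       # "C:\\defender25.exe" -> "c:\defender25.exe"
    text = text.replace("(file missing)", "")   # HJT annotation, not part of the entry
    return " ".join(text.split())               # collapse runs of whitespace


def parse_entries(log_text):
    """Return the set of (section, normalized body) pairs; non-entry lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            section, body = match.groups()
            entries.add((section, normalize(body)))
    return entries


def still_present(fix_list_text, log_text):
    """Entries from the fix list that show up again in a later log."""
    return sorted(parse_entries(fix_list_text) & parse_entries(log_text))


def paths_still_referenced(paths, log_text):
    """Deleted files that a log still mentions anywhere (process list or entries)."""
    haystack = normalize(log_text)
    return [p for p in paths if normalize(p) in haystack]


if __name__ == "__main__":
    for label, log in (("17 June", LOG_17_JUNE), ("19 June", LOG_19_JUNE)):
        print(label, "fixed entries back:", still_present(FIX_LIST, log))
        print(label, "deleted files referenced:", paths_still_referenced(KILLBOX_PATHS, log))
```

On these excerpts the 17 June log shows none of the fixed entries, while the 19 June log shows the three HKCU `about:blank` search settings again.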

#8 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 17 June 2006 - 12:59 PM

rborz :D

You have done well, your log looks good :thumbup: There are just a few minor issues we need to fix.

Go to Add-Remove Programs in the Control Panel and remove Viewpoint. This is not malware itself but installs without your knowledge or consent and is not needed.



Open HJT Scan Only, make sure your browser is closed as well as all open windows, and fix these items. Some are optional so you can remove what you want. You can always open up HJT Review a List of Backups and restore any that you think you need to if they cause you a problem.

This one drove me crazy as it would start every 15 min or so, caused no problems with my HP All in One
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

This one is just a reminder to register your copy of DirectX
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

This one if you uninstalled Viewpoint
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

This is using a lot of resources and is not needed at startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


Your Java is out of date and leaving your system vulnerable to attack, you can update it here.
Updating Java:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have this icon next to it: [image]
    Select it and click Remove.
  • Then Download and install the newest version from here:http://www.java.com/en/download/manual.jsp
Post back and let me know how your system is running now and if all is ok, I have some tips and free tools for you to install to help keep you more secure on the internet.

 
 

#9 rborz

rborz

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 17 June 2006 - 02:14 PM

Great news. I took your last few suggestions. Tried to use Java to update itself and it says I have the most recent version - will double check manually. Remaining question: should I uninstall ewido, ccleaner and killbox? Since this is a friend's box, I will suggest they stop surfing with admin privileges open :-) Other tips? How does one join the classroom? Seems I have benefited from the forum and perhaps should give back. Thanks again R

#10 rborz

rborz

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 17 June 2006 - 02:18 PM

one last update - just ran ewido scan after updating files (finally reconnected to the net). It picked up offun.exe. Should I worry? R



#11 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 17 June 2006 - 02:49 PM

rborz :D

I took your last few suggestions. Tried to use Java to update itself and it says I have the most recent version - will double check manually. Remaining question: should I uninstall ewido, ccleaner and killbox?


C:\Program Files\Java\jre1.5.0_06 <-- You have this
Java Runtime Environment Version 5.0 Update 7 <-- This is the upgrade.


1. Killbox you will never need, if you do in the future you can download an updated version
2. CCleaner is a great program and free, I run mine about every 2 weeks or so.
3. Ewido is a 30 day trial, after 30 days you will lose the background guard feature but you will still be able to check for updates, run scans and remove what it finds. I kept mine :D




one last update - just ran ewido scan after updating files (finally reconnected to the net). It picked up offun.exe. Should I worry?


offun.exe is a process belonging to an advertising program by PacerD. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately.

There is no one program that catches it all, if Ewido removed it then not to worry.



How does one join the classroom? Seems I have benefited from the forum and perhaps should give back.

You can apply for admittance here
http://forums.tomcoy...?showtopic=1421







Here are some free programs and tips for keeping your system up to date, and to help keep all the riff raff out of your system.

Be sure to follow the instructions for System Restore because everything we removed is backed up in that program and if you ever use it to revert your system to an earlier date, you can reinfect yourself all over again.


Download and Install CCleaner
* Click on Run Cleaner
* Run the Issues Scan < When it asks you to backup the Registry..Say Yes
Tutorial for CCleaner


Now that you're clean, we need to erase all possible older infected files that may still be lurking on your system.
* Clean out your TEMP FILES
* This procedure should be run from SAFEMODE for better results.

To Enter SAFEMODE

* Go to START/ SHUT OFF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

* Go to My Computer/ C: Drive/ Documents and Settings/ Every User on this Computer Local Settings
and delete all the contents of the Temp Folder and the Temporary Internet Files Folder <--Just the contents, not the folder itself.

* Go to My Computer/ C:/ Windows/ Temp and delete all the contents of the Temp Folder <-- But not the temp folder itself.

* Go to My Computer/ C:/ Windows/ Prefetch and remove all the contents of the Prefetch Folder. <--But not the Prefetch folder itself.


NOW RE-BOOT NORMALLY


* Open INTERNET EXPLORER
* Click on the TOOLS MENU
* Then INTERNET OPTIONS
* At the GENERAL TAB (which should be the first tab you are currently on),
* click on the DELETE FILES BUTTON and put a checkmark in DELETE ALL OFFLINE CONTENT.
* Then press the OK BUTTON . This may take quite a while, so do not be alarmed with how long it takes.
* When it is done, your Temporary Internet Files will now be deleted.

Now Empty your Recycle Bin

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your
system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.

* Right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

Reboot your System

Turn ON System Restore.

* Right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

* Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
You can name the restore point anything you like, something that you can remember. You will have to be in Category View to see this

* Make sure that your ANTI-VIRUS SOFTWARE is up to date and run a full scan at least once a week.

* Here are Free Anti-Virus Programs if you need one. Just install one because with AV software...MORE IS NOT BETTER.

AVG Free Edition
AntiVir Personal Edition


* Spybot Search and Destroy 1.4
Check for Updates/ Immunize and run a Full System Scan on a regular basis.

* Ad-Aware SE Personal 1.06
Check for Updates and run a Full System Scan on a regular basis.

* Spyware Blaster It will prevent most spyware from ever being installed.

* Spyware Guard It offers realtime protection from spyware installation attempts.

* Win Patrol This program will warn you when any changes are being made to your system and
give you the option to deny the change.

* IE- Spyad IE-Spyad places over 4000 web sites and domains
in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed,
although you will still be able to connect to the sites.

* Firefox Browser
It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use
them both. When it asks you if you want it to be your default browser, say NO and take the checkmark out of the box to ask you again. After you use this
for awhile, you will want to make it your default.

* Thunderbird Mail Their companion mail program was highly favored in PCWorld Magazine,
this has a good spam filter and is more secure than Outlook Express.

* Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't
access the internet without it.

* WINDOWS UPDATES - Enable Automatic Updates
Right click on MY COMPUTER/Click on PROPERTIES/ AUTOMATIC UPDATES and put a mark in the radio button
DOWNLOAD UPDATES FOR ME BUT LET ME CHOOSE WHEN TO INSTALL THEM.

* Go to START/ CONTROL PANEL> PERFORMANCE AND MAINTENANCE> REARRANGE ITEMS ON YOUR HARD DISK TO MAKE PROGRAMS RUN FASTER
This is the Windows Disk Defragger, run this maybe once or twice a month to keep your system running good. The first time you run it, it may take awhile.


Thanks for stopping by Tom Coyote , I'm glad I was able to help you. I will keep this thread open for a few days in case you have any other questions

 
 

#12 rborz

rborz

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 18 June 2006 - 07:25 AM

They're Backkk. Maybe. Was cleaning last steps and McAfee started flagging a bunch of the old pups again. This time most seemed to be dollarrevenue trojan related. trelew.exe was also in c:\. Redoing McAfee, Adaware and Ewido scans - other suggestions? thanks R

#13 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 18 June 2006 - 03:07 PM

rborz :D ,

Let's run Ewido in Safemode and save the report for me to see. Open up Ewido, check for updates and then close out the program.



Now reboot into Safemode

* Go to Start> Shut off Your Computer> Restart
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to Safemode
* Then press the Enter Key on your Keyboard


Now open Ewido
o Click on scanner.
o Run a full system scan
o Let the program scan the machine.
o While the scan is in progress you will be prompted to clean files, click OK.
o Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
o Click Save report.
o Save the report to your desktop.



Reboot normally





Download the trial version of Spy Sweeper from Here

Scroll to the bottom of the page and be sure to download and install the Free 4.5 Trial and not the free online scan.

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive
alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C.
Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread along with the Ewido report and a new HJT log.

 
 

#14 rborz

rborz

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 19 June 2006 - 06:20 PM

Ken545,

My best guess is the machine started reinfecting when I launched IE to clear the cache. So I ran adaware, spybot and ewido before your note last night. I then ran ewido, spysweeper and hjt again (all logs below) based on your instructions. Lo and Behold, spysweeper found the trojans the others missed. :thumbup: Question is whether we have them all - I have yet to put the machine on-line again (no firewall yet). Looking forward to your reply

Thanks

R

PS: any idea what the sqlserver load is doing?


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:21:47 AM, 6/19/2006
+ Report-Checksum: D92A6CF1

+ Scan result:

No infected objects found.


::Report End

********
6:30 AM: | Start of Session, Monday, June 19, 2006 |
6:30 AM: Spy Sweeper started
6:30 AM: Sweep initiated using definitions version 701
6:31 AM: Starting Memory Sweep
6:38 AM: Memory Sweep Complete, Elapsed Time: 00:07:08
6:38 AM: Starting Registry Sweep
6:38 AM: Found Adware: marketscore
6:38 AM: HKCR\clsid\{cd1b7795-13bc-4a12-bf42-a52748971aa2}\ (20 subtraces) (ID = 1144173)
6:38 AM: HKCR\typelib\{fe844296-3c38-4b78-a272-87557622c953}\ (9 subtraces) (ID = 1144194)
6:38 AM: HKLM\software\classes\clsid\{cd1b7795-13bc-4a12-bf42-a52748971aa2}\ (20 subtraces) (ID = 1144222)
6:38 AM: HKLM\software\classes\typelib\{fe844296-3c38-4b78-a272-87557622c953}\ (9 subtraces) (ID = 1144226)
6:38 AM: HKCR\iceclientatl.surveyclientctl\ (5 subtraces) (ID = 1149340)
6:38 AM: HKCR\iceclientatl.surveyclientctl.1\ (3 subtraces) (ID = 1149346)
6:38 AM: HKLM\software\classes\iceclientatl.surveyclientctl\ (5 subtraces) (ID = 1149354)
6:38 AM: HKLM\software\classes\iceclientatl.surveyclientctl.1\ (3 subtraces) (ID = 1149360)
6:38 AM: Found Adware: linkmaker
6:38 AM: HKCR\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180460)
6:38 AM: HKCR\fseytdc.ariaqudok.1\ (3 subtraces) (ID = 1180464)
6:38 AM: HKLM\software\classes\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180510)
6:38 AM: HKLM\software\classes\fseytdc.ariaqudok.1\ (3 subtraces) (ID = 1180514)
6:38 AM: HKCR\typelib\{90aff1ef-c901-4991-8d61-5beea455e090}\ (9 subtraces) (ID = 1389930)
6:38 AM: Found Adware: sysprotect
6:38 AM: HKLM\software\classes\typelib\{90aff1ef-c901-4991-8d61-5beea455e090}\ (9 subtraces) (ID = 1390005)
6:38 AM: Found Adware: dollarrevenue
6:38 AM: HKLM\software\ksr39sj5\ (2 subtraces) (ID = 1390021)
6:38 AM: Registry Sweep Complete, Elapsed Time:00:00:27
6:38 AM: Starting Cookie Sweep
6:38 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:38 AM: Starting File Sweep
6:55 AM: jiub5f27y.hhy (ID = 276229)
6:56 AM: cemetrix.dll (ID = 298669)
7:00 AM: Found Trojan Horse: trojan-dropper-agenthl
7:00 AM: vsl05.exe (ID = 299775)
7:01 AM: Found Adware: zenosearchassistant
7:01 AM: z_start.lnk (ID = 235994)
7:01 AM: File Sweep Complete, Elapsed Time: 00:23:04
7:01 AM: Full Sweep has completed. Elapsed time 00:30:58
7:01 AM: Traces Found: 125
8:02 PM: Removal process initiated
8:02 PM: Quarantining All Traces: zenosearchassistant
8:02 PM: Quarantining All Traces: dollarrevenue
8:02 PM: Quarantining All Traces: linkmaker
8:02 PM: Quarantining All Traces: marketscore
8:02 PM: Quarantining All Traces: trojan-dropper-agenthl
8:02 PM: Quarantining All Traces: sysprotect
8:02 PM: Removal process completed. Elapsed time 00:00:17
********
6:29 AM: | Start of Session, Monday, June 19, 2006 |
6:29 AM: Spy Sweeper started
6:30 AM: Your spyware definitions have been updated.
6:30 AM: | End of Session, Monday, June 19, 2006

Logfile of HijackThis v1.99.1
Scan saved at 8:06:13 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


#15 ken545


Posted 19 June 2006 - 07:15 PM

rborz,

You have Microsoft SQL Server running on your system; it has to be something you installed.

sqlmangr.exe is a system tray application from Microsoft which allows the user to start and stop SQL related services. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.



sqlagent.exe is a process belonging to the Microsoft SQL Server Agent and is used for executing scheduled jobs.




Download the stand-alone version of CWShredder.
Check for updates but don't run it yet.


Boot into Safe Mode and open HJT Scan Only, and close all open windows and remove these entries.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank





Still in Safe Mode, run CWShredder

* Double-click on CWShredder.exe.
* Click "Fix ->" and click "OK" at the prompt.
* CWShredder will scan and clean your system of CWS files.
* Click "Next->" and then "Exit".



Now look for and delete the following files if still present; they could be in C:\, C:\windows or C:\windows\system32

cemetrix.dll
vsl05.exe




Post back with a new HJT log and let me know if things have improved.

 
 
Just a reminder that threads will be closed if no reply in 3 days.
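Added example, not part of ken545's reply or of HijackThis itself: a small Python parser for the `<code> - <body>` entry lines of the log above, which groups entries whose own text says `(file missing)`, `Unknown owner`, or an IE setting of `about:blank`. The sample lines are copied from the log in this thread; the function names and the three review notes are assumptions made for illustration, and a note is a prompt for a human reviewer, not a verdict.

```python
import re
from collections import defaultdict

# A few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "R1 - ...", "O23 - ..."
REG_VALUE_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>.+?) = (?P<data>.*)$")


def parse_hjt(text):
    """Return (section, body) for every entry line; running-process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Group entries by review note, using only what the log line itself states."""
    notes = defaultdict(list)
    for section, body in entries:
        if body.endswith("(file missing)"):
            notes["file missing"].append((section, body))
        if section == "O23" and " - Unknown owner - " in body:
            notes["unknown owner"].append((section, body))
        reg = REG_VALUE_RE.match(body)
        if section in ("R0", "R1") and reg and reg.group("data") == "about:blank":
            notes["about:blank"].append((section, reg.group("name")))
    return dict(notes)


if __name__ == "__main__":
    for note, hits in triage(parse_hjt(SAMPLE_LOG)).items():
        print(note)
        for section, detail in hits:
            print("  ", section, detail)
```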
