Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Friday 31.10.2025 / 00:15
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > unclean computer - ulwindowseek popups
Show topics
 
Forums
Forums
Unclean Computer - UlWindowSeek popups
  Jump to:
 
Posted Message
Page:12Next >
DiRect
Member
_ 		20. May 2006 @ 18:59 _ Link to this message    Send private message to this user   
Hi,
My computer is unclean, and I keep recieving these UlWindowSeek popups. I had to remove SpyFalcon and something called "Yazzle Soduku" from the computer, and after that I started getting these pop-ups. Just now, Norton Antivirus also detected Trojan.Nebular (supposedly came from the popups). Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:56:48 PM, on 5/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winmmz32 - winmmz32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

Can someone please help, and tell me the steps into fixing my PC?

Regards,
DiRect
[ + quote]
Knowledge is imminent...
Advertisement
_ 		__
DiRect
Member
_ 		21. May 2006 @ 05:41 _ Link to this message    Send private message to this user   
Hi,
Just to update, the winmmz32.dll file that is missing is the one I deleted because it was the file with the virus. Norton Antivirus could not delete it, because access was denied so I used KillBox to kill it on restart. Please, can someone help me, I need to get this fixed as fast as possible.

Regards,
DiRect
[ + quote]
Knowledge is imminent...
JaPK
Senior Member
_ 		21. May 2006 @ 09:58 _ Link to this message    Send private message to this user   
Hi DiRect.

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.

(Some antiviruses recognises process.exe as a malware. It is not malware, it is a program that stops processes)
[ + quote]
DiRect
Member
_ 		21. May 2006 @ 10:28 _ Link to this message    Send private message to this user   
Hi,
Here is the log you asked for:

SmitFraudFix v2.45

Scan done at 14:26:43.60, Sun 05/21/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\appmagr.dll FOUND !
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Help is appreciated, thanks :)!

Regards,
DiRect
[ + quote]
Knowledge is imminent...
JaPK
Senior Member
_ 		21. May 2006 @ 10:40 _ Link to this message    Send private message to this user   
Cleaning instructions:

Update Ewido.

Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked):

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - Winlogon Notify: winmmz32 - winmmz32.dll (file missing)

Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.
Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Scan and clean your computer with Ewido and save the log file.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log to
-> contents of C:\rapport.txt
[ + quote]
DiRect
Member
_ 		21. May 2006 @ 11:23 _ Link to this message    Send private message to this user   
Hi,
Thanks a lot for your help, here are the log files you requested:

RAPPORT
SmitFraudFix v2.45

Scan done at 15:02:34.46, Sun 05/21/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

(sorry, I accidently cleaned it again, and the other log file got replaced, but it did delete all the infections)

EWIDO
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:20:26 PM, 5/21/2006
+ Report-Checksum: B5922790

+ Scan result:

:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\193x94p7.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup


::Report End

HiJackThis
Logfile of HijackThis v1.99.1
Scan saved at 3:23:08 PM, on 5/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

Hope it's clean now :)!

Regards,
DiRect
[ + quote]
Knowledge is imminent...
JaPK
Senior Member
_ 		21. May 2006 @ 20:33 _ Link to this message    Send private message to this user   
Ok good, you're looking clean :)

You have an outdated Java, the latest version is 1.5.0_06 and you're having 1.5.0
You should update your Java because the old version has all kinds of vulnerabilites.

So update your Java:

1. Click Start-> Control Panel and double-click Java icon (coffee cup)
2. Move to "Update" tab and update Java by clicking "Update Now".
3. Do a restart.
4. If you can't make automatic update, get new version manually from here -> http://www.java.com/en/download/manual.jsp
5. Remove the old Java from the Control Panel -> Add/Remove Programs if still found, it should be named like this J2SE Runtime Environment 5.0

Now that you're clean, here are some tips how to stay clean.

1. Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

2. Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

3. Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.

4. Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.

5. Use Spybot S&D -> http://www.bleepingcomputer.com/forums/?showtutorial=43
Download and install Spybot S&D. Update it and scan your computer regularly with it.

6. Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.

7. Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed.

8. Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.

9. Use Firefox browser -> http://www.mozilla.org
Firefox is faster, safer and quicker browser than Internet Explorer. (My favourite)

10. Keep your systen up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.

11. Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

12. Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
So how did I get infected in the first place?

Stay clean ;)
[ + quote]

This message has been edited since posting. Last time this message was edited on 21. May 2006 @ 22:11
znurtedik
Newbie
_ 		28. May 2006 @ 01:50 _ Link to this message    Send private message to this user   
Hello, i have the same problem with Direct and i tried to follow things you have posted here but i finally decided it is better to post reports i got from Smitfraudfix and after that hijackthis..

here is my smitfraudfix rapport..

SmitFraudFix v2.49

Scan done at 12:38:02,34, 28.05.2006
Run from C:\Documents and Settings\Nur\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Nur\FAVORI~1

C:\DOCUME~1\Nur\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e04408db-4812-4478-8d4d-e46edcffd3b6}"="AutoDisc Ware"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

and after that i did hijackthis and i recieved this report...

Logfile of HijackThis v1.99.1
Scan saved at 12:30:39, on 28.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dns\bin\named.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Nur\Desktop\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 84.44.114.44 eksisozluk.com
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Gpl help owns active] C:\Documents and Settings\All Users\Application Data\tons glue gpl help\Ball Tray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dateface] C:\DOCUME~1\Nur\APPLIC~1\BENDME~1\HideLoud.exe
O4 - HKCU\..\Run: [5dd33f6.exe] C:\Documents and Settings\Nur\Local Settings\Application Data\5dd33f6.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{305CB6AE-B27B-466D-A3F1-D62EF57AE6E2}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B75B616-4C16-4D31-B8D1-0BC5FDEA8442}: NameServer = 127.0.0.1,10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D9B9A41-285D-40D6-ADBF-6BC58063E829}: NameServer = 127.0.0.1,10.0.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{305CB6AE-B27B-466D-A3F1-D62EF57AE6E2}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{305CB6AE-B27B-466D-A3F1-D62EF57AE6E2}: NameServer = 127.0.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe

please lead me to delete this too..
[ + quote]

This message has been edited since posting. Last time this message was edited on 28. May 2006 @ 01:56
JaPK
Senior Member
_ 		28. May 2006 @ 05:32 _ Link to this message    Send private message to this user   
Hi znurtedik.

You don't have a firewall or an antivirus on your computer. Download and install one firewall and one antivirus.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

These are good (free) antiviruses:
AVG Antivirus --> http://www.grisoft.com
Avast --> http://www.avast.com

Ok, you got some infections on your computer....

Cleaning instructions:

Move HijackThis into its own folder C:\HJT

Download and install Ewido anti-malware -> http://www.ewido.net/en/download
Update it, but do NOT run a scan yet. We'll use it later.

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Gpl help owns active] C:\Documents and Settings\All Users\Application Data\tons glue gpl help\Ball Tray.exe
O4 - HKCU\..\Run: [dateface] C:\DOCUME~1\Nur\APPLIC~1\BENDME~1\HideLoud.exe
O4 - HKCU\..\Run: [5dd33f6.exe] C:\Documents and Settings\Nur\Local Settings\Application Data\5dd33f6.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll

Fix this too if you haven't set it:
O1 - Hosts: 84.44.114.44 eksisozluk.com

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these folders (if found):
C:\Documents and Settings\All Users\Application Data\tons glue gpl help
C:\Documents and Settings\Nur\Application Data\BENDME~1

Delete these files (if found):
C:\Documents and Settings\Nur\Local Settings\Application Data\5dd33f6.exe

Use the Windows "search" function
-> Start
-> Search
-> All files and folders
-> More advanced options

Checkmark these options:
- "Search system folders"
- "Search hidden files and folders"
- "Search subfolders"

->Search for this and delete if found: winwea32.dll

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Scan and clean your computer with Ewido and save the report.

Clean the Recycle bin and make your hidden files visible again.

Download Findlop by Metallica and save it t your desktop -> http://metallica.geekstogo.com/findlop.zip

Extract the zip file and doubleclick the file findlop.bat, answer yes to any questions.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
-> contents of C:\rapport.txt
-> contents of C:\findlop.txt
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 28. May 2006 @ 05:33
shobhit
Newbie
_ 		28. May 2006 @ 06:32 _ Link to this message    Send private message to this user   
HI,
I AM ALSO HAVING THIS PROB...
This is my first post here...
I hope i get help here...
I am getting pop ups called 'ulwindowseek' and 'ulwindowurl'

This is my hijackthis log


Logfile of HijackThis v1.99.1
Scan saved at 8:00:22 PM, on 5/28/2006
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Shobhit Is GREAT\Desktop\mac\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.128.101.236:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [SysIdle] "C:\WINDOWS\SysIdle.exe"
O4 - Startup: RK Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Y!mLite - {9B04D939-D9D1-45e0-9FBF-5A31AAF7A68A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O18 - Protocol: msnim - 0 - (no file)
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

PLZ HELP...
[ + quote]
DO OR DO NOT,NO TRY

This message has been edited since posting. Last time this message was edited on 28. May 2006 @ 07:47
JaPK
Senior Member
_ 		28. May 2006 @ 19:35 _ Link to this message    Send private message to this user   
Hi shobhit, ok you got some infections...

At first, download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.

(Some antiviruses recognises process.exe as a malware. It is not malware, it is a program that stops processes)

Then we'll start the cleaning process.
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
shobhit
Newbie
_ 		28. May 2006 @ 20:12 _ Link to this message    Send private message to this user   
My SmitFraud scan reults:

SmitFraudFix v2.49b

Scan done at 9:40:39.17, Mon 05/29/2006
Run from C:\Documents and Settings\Shobhit Is GREAT\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Shobhit Is GREAT\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SHOBHI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

[ + quote]
DO OR DO NOT,NO TRY
JaPK
Senior Member
_ 		29. May 2006 @ 03:10 _ Link to this message    Send private message to this user   
Hi shobhit, lets get you cleaned then.......

Cleaning instructions:

Download and install Ewido anti-malware -> http://www.ewido.net/en/download
Update it, but do NOT run a scan yet. We'll use it later.

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [SysIdle] "C:\WINDOWS\SysIdle.exe"
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O18 - Protocol: msnim - 0 - (no file)
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these files (if found):
C:\WINDOWS\SysIdle.exe
C:\WINDOWS\SYSTEM32\winosz32.dll

Scan and clean your computer with Ewido and save the report.

Clean the Recycle bin and make your hidden files visible again.

Restart your computer normally.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
znurtedik
Newbie
_ 		29. May 2006 @ 07:05 _ Link to this message    Send private message to this user   
Hello,today i did every step and i only had one problem.. it was like this;
Can not delete winwea32.dll : Access is denied.
Make sure that disk is not full or write-protected and that file is not currently in use

beside that everything worked out..

here is Smitfraudfix rapport

SmitFraudFix v2.49

Scan done at 17:23:25,71, 29.05.2006
Run from C:\Documents and Settings\Nur\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e04408db-4812-4478-8d4d-e46edcffd3b6}"="AutoDisc Ware"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\Nur\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

here is Ewido

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 17:57:42, 29.05.2006
+ Report-Checksum: 48924355

+ Scan result:

:mozilla.17:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.403:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.512:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.513:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.566:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.591:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.592:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.600:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.622:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.623:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.624:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.625:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.626:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.648:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.649:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.650:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.651:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.652:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.653:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.654:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.655:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.656:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.657:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.658:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.659:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.662:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.664:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.666:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.669:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.670:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.671:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.672:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.673:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.674:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.675:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.676:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.677:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.693:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.694:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.712:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.713:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.714:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.737:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.753:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.754:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.785:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.788:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.789:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.790:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.791:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.792:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.840:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Counted : Cleaned with backup
:mozilla.844:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.879:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.905:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.906:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.907:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.914:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.915:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.916:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.917:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.918:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.919:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.928:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.937:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.938:C:\Documents and Settings\Nur\Application Data\Mozilla\Firefox\Profiles\arjcf6uj.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Nur\Cookies\nur@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\WINDOWS\Temp\win1D3E.tmp.exe -> Downloader.IstBar.eq : Cleaned with backup


::Report End

here is findlop.txt

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A894FE0591877479.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\nur\applic~1\bendme~1\rule proc dog.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Nur'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 05/29/2006 18:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/09/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

here is HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 18:02:45, on 29.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dns\bin\named.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HJT\HijackThis_v1.99.1.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{305CB6AE-B27B-466D-A3F1-D62EF57AE6E2}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B75B616-4C16-4D31-B8D1-0BC5FDEA8442}: NameServer = 127.0.0.1,10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D9B9A41-285D-40D6-ADBF-6BC58063E829}: NameServer = 127.0.0.1,10.0.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{305CB6AE-B27B-466D-A3F1-D62EF57AE6E2}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{305CB6AE-B27B-466D-A3F1-D62EF57AE6E2}: NameServer = 127.0.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe

P.S. i am still recieving those pop-up windows :( even while i was in safe mode and even in scaning ewido and after ewido :(
[ + quote]
znurtedik
Newbie
_ 		29. May 2006 @ 08:36 _ Link to this message    Send private message to this user   
Lastest News

avast! anti virus program deleted winwea32.dll since virus scan no pop-up windows recieved!

Thank you very much for your help JaPK

regards
[ + quote]
JaPK
Senior Member
_ 		29. May 2006 @ 10:04 _ Link to this message    Send private message to this user   
@znurtedik:

Ok good, almost clean...

Download Killbox to your desktop -> http://www.downloads.subratam.org/KillBox.zip
Unzip it to your desktop.

Run Killbox.exe
-> Choose Delete on Reboot
-> Click All Files option.

Copy the following lines to your clipboard (choose text with your mouse, press CTRL+C or copy)

c:\windows\tasks\A894FE0591877479.job

Then go back to Killbox
-> go to File
-> choose Paste from Clipboard
-> Click the red-white Delete File option.
-> Click Yes to Delete on Reboot question
-> Click OK to any PendingFileRenameOperations requests (and tell me if you get any of these!)
-> Restart your computer if Killbox won't do it.

(If you get this error when running Killbox: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.", download Missingfilessetup.exe form here to your desktop and run the file, then try running killbox -> http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe)

Then run the Findlop again.

Post the following logs to here:
-> a fresh HijackThis log
-> contents of C:\findlop.txt
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 29. May 2006 @ 10:05
znurtedik
Newbie
_ 		29. May 2006 @ 15:23 _ Link to this message    Send private message to this user   
Hello again.. i did everything without having problems.. :)

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 02:18:04, on 30.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dns\bin\named.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis_v1.99.1.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{305CB6AE-B27B-466D-A3F1-D62EF57AE6E2}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B75B616-4C16-4D31-B8D1-0BC5FDEA8442}: NameServer = 127.0.0.1,10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D9B9A41-285D-40D6-ADBF-6BC58063E829}: NameServer = 127.0.0.1,10.0.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{305CB6AE-B27B-466D-A3F1-D62EF57AE6E2}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{305CB6AE-B27B-466D-A3F1-D62EF57AE6E2}: NameServer = 127.0.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe

findlop

[TRACE] Enumerating jobs and queues

regards
[ + quote]
JaPK
Senior Member
_ 		30. May 2006 @ 03:22 _ Link to this message    Send private message to this user   
Hi znurtedik, you're looking clean, are you having any problems?

You should install a firewall...


You have an outdated Java, the latest version is 1.5.0 update 7 and you're having 1.5.0 update 6

So we are going to update your Java because the old version has all kinds of vulnerabilities:

1. Click "Start" -> "Control Panel" and double-click "Java" icon (coffee cup)
2. Move to "Update" tab and update Java by clicking "Update Now".
3. Do a restart.

4. If you can't make automatic update, get new version manually from here -> http://www.java.com/en/download/manual.jsp
5. Remove the old Java from the Control Panel -> Add/Remove Programs if still found, it should be named like this J2SE Runtime Environment 5.0 Update 6


Now that you're clean, here are some tips how to stay clean.

-> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

-> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

-> Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.

-> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.

-> Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.

-> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed to your computer.

-> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.

-> Change your browser to Firefox -> http://www.mozilla.org
Firefox is faster, safer and quicker browser than Internet Explorer.

-> Keep your systen up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.

-> Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

-> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
So how did I get infected in the first place?

Stay clean ;)
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 30. May 2006 @ 03:23
znurtedik
Newbie
_ 		30. May 2006 @ 09:27 _ Link to this message    Send private message to this user   
Hello.. i am going to download a firewall just now.. :) since that winwea32.dll is gone no pop-up windows are coming and if you say it is clean this time i trust you, man you are an expert :)
thank you very much JaPK

p.s. : about java when i tried to download,it is still giving update 6
[ + quote]
JaPK
Senior Member
_ 		30. May 2006 @ 11:19 _ Link to this message    Send private message to this user   
Ok you're welcome, it is nice to hear that I could help :)

And that Java...update 7 was just released few days ago so they propably haven't updated the site yet...Here is a another site where you can download the latest version -> http://java.sun.com/j2se/1.5.0/download.jsp

Or then you can wait so the update comes available to internal updater, it propably takes some days...
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 30. May 2006 @ 11:21
Nainy
Newbie
_ 		2. June 2006 @ 17:40 _ Link to this message    Send private message to this user   
i have now started to get the same problems i first got some unknown software installed called yazzle something and then once i deleted it 2 pop ups started come ULWindowSeek and ULWindowUrl i think. i tried to follow the instructions and then got lost please help me they are very annoying
[ + quote]
BunkrKing
Newbie
_ 		2. June 2006 @ 20:29 _ Link to this message    Send private message to this user   
Hey guys. I'm having a similar problem with the UlWindow pop-ups and such. I really hope you guys can help me out. Here are my SmitFraudFix and HiJackThis logs.

SmitFraudFix v2.53

Scan done at 0:11:16.71, Sat 06/03/2006
Run from C:\Documents and Settings\joe\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\joe\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOEKIC~2.JOS\FAVORI~1

C:\DOCUME~1\JOEKIC~2.JOS\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}"="alongshore"

[HKEY_CLASSES_ROOT\CLSID\{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}\InProcServer32]
@="C:\WINDOWS\system32\yhbdupd.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}\InProcServer32]
@="C:\WINDOWS\system32\yhbdupd.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

And my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:12:18 AM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\fb86dadf.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\SMANTE~1\wuauboot.exe
C:\WINDOWS\?racle\?vchost.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\joe\My Documents\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [fb86dadf.exe] C:\WINDOWS\system32\fb86dadf.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Alba] "C:\WINDOWS\SMANTE~1\wuauboot.exe" -vt ndrv
O4 - HKCU\..\Run: [Bkzjypmv] C:\WINDOWS\?racle\?vchost.exe
O4 - HKCU\..\Run: [fb86dadf.exe] C:\Documents and Settings\joe\Local Settings\Application Data\fb86dadf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winqvn32 - C:\WINDOWS\SYSTEM32\winqvn32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

Thanks guys.
[ + quote]

This message has been edited since posting. Last time this message was edited on 2. June 2006 @ 20:39
JaPK
Senior Member
_ 		2. June 2006 @ 21:53 _ Link to this message    Send private message to this user   
@Nainy

Hi Nainy, please post a HijackThis log to here.

Intructions for posting -> http://forums.afterdawn.com/thread_view.cfm/263784
(steps 3-5)
--------------------------------------------------------------------------------------------------------------------------------------------

@BunkrKing

Ok, you got some infections on your computer....

You don't have a firewall on your computer. Download and install one firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

Cleaning instructions:

Download and install Ewido anti-malware -> http://www.ewido.net/en/download
Update it, but do NOT run a scan yet. We'll use it later.

Go to Control Panel -> Add/Remove programs -> Remove PuritySCAN By OIN, OuterInfo, OIN or similar if found

If you can't find those from the list, download this uninstaller to your desktop -> http://www.outerinfo.com/OiUninstaller.exe
Then run the uninstaller, here is the guide if needed -> http://www.outerinfo.com/howto.html

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O4 - HKLM\..\Run: [fb86dadf.exe] C:\WINDOWS\system32\fb86dadf.exe
O4 - HKCU\..\Run: [fb86dadf.exe] C:\Documents and Settings\joe\Local Settings\Application Data\fb86dadf.exe
O20 - Winlogon Notify: winqvn32 - C:\WINDOWS\SYSTEM32\winqvn32.dll

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these folders (if found):
C:\Program Files\PurityScan

Delete these files (if found):
C:\WINDOWS\system32\fb86dadf.exe
C:\Documents and Settings\joe\Local Settings\Application Data\fb86dadf.exe
C:\WINDOWS\SYSTEM32\winqvn32.dll

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Scan and clean your computer with Ewido and save the report.

Clean the Recycle bin and make your hidden files visible again.

Restart your computer normally.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
-> contents of C:\rapport.txt
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
BunkrKing
Newbie
_ 		3. June 2006 @ 10:55 _ Link to this message    Send private message to this user   
Well I did everything you said. I was only able to delete 2 of the files you told me to though. Both fb86dadf.exe's are gone however the winqvn.dll wouldn't delete. It said it was protected or in use. Anyway, here are the logs you asked for:


Logfile of HijackThis v1.99.1
Scan saved at 2:59:57 PM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\joe kicinski.JOSEPH-NGM5HN2C\My Documents\download\HijackThis.exe

O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winqvn32 - winqvn32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:47:33 PM, 6/3/2006
+ Report-Checksum: 852E7D0C

+ Scan result:

[836] C:\WINDOWS\system32\winqvn32.dll -> Trojan.Agent.qt : Cleaned with backup
:mozilla.8:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.10:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.11:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.29:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.39:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.43:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.56:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.71:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.74:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.75:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.116:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.117:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.183:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.184:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.186:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.187:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.189:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.307:C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.iv5\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Cookies\andrew kicinski@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Cookies\andrew kicinski@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\andrew kicinski.JOSEPH-NGM5HN2C\Cookies\andrew kicinski@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.40:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.41:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.42:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.43:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.51:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.52:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.66:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.79:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.98:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.99:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.101:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.102:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.123:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.124:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.126:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.127:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.133:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.135:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.139:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.142:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.147:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.163:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.165:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.168:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.172:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.173:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.174:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.175:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.178:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.179:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.180:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.183:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.205:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.206:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.207:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.208:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.227:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.228:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.229:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.230:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.231:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.232:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.233:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.244:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.245:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.271:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.285:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.286:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.287:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.288:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.289:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.290:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.291:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.326:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.327:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.328:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.329:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.330:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.331:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.332:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.333:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.334:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.704:C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.noj\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Cookies\fran kicinski@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Cookies\fran kicinski@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\fran kicinski.JOSEPH-NGM5HN2C\Cookies\fran kicinski@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\joe kicinski.JOSEPH-NGM5HN2C\Cookies\joe kicinski@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\joe kicinski.JOSEPH-NGM5HN2C\Cookies\joe kicinski@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\joe kicinski.JOSEPH-NGM5HN2C\Local Settings\Temp\Cookies\joe kicinski@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\joe kicinski.JOSEPH-NGM5HN2C\My Documents\download\backups\backup-20060601-170657-472.dll -> Adware.MediaTickets : Cleaned with backup
C:\Documents and Settings\joe kicinski.JOSEPH-NGM5HN2C\My Documents\download\backups\backup-20060602-234552-418.dll -> Adware.MediaTickets : Cleaned with backup
:mozilla.7:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.8:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.15:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.64:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.65:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.67:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.70:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.72:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.73:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.74:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.75:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.82:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.83:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.84:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.85:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.113:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.114:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.115:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.116:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.117:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.118:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.119:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.120:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.121:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.122:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.123:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.124:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.125:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.126:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.127:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.128:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.129:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.140:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.141:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.142:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.143:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.144:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.145:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.146:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.147:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.148:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.149:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.182:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.183:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.184:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.185:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.186:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.187:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.188:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.189:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.190:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.191:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.203:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.204:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.205:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.206:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.207:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.209:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.210:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.211:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.213:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.214:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.230:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.232:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.233:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.234:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.235:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.236:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.237:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.239:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.240:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.243:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.254:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.255:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.258:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.268:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.269:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.273:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.274:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.275:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.276:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.277:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.298:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.300:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.308:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.309:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.310:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.314:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.315:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.316:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.319:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.322:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.323:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.326:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.339:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.340:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.347:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.348:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.349:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.350:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.352:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.357:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.359:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.360:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.362:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.363:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.366:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.369:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.371:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.382:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.384:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.385:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.386:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.387:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.388:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.389:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.394:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.395:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.422:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.423:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.429:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.430:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.433:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.435:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.436:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.437:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.443:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.444:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.450:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.452:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.453:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.454:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.455:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.456:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.457:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.467:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.468:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.476:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.479:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.480:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.492:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.493:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.494:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.502:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.503:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.504:C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Application Data\Mozilla\Firefox\Profiles\default.1of\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Cookies\joseph kicinski@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Cookies\joseph kicinski@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Cookies\joseph kicinski@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Cookies\joseph kicinski@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Cookies\joseph kicinski@e-2dj6wfkiaoc5glo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Local Settings\Temp\Cookies\joseph kicinski@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Local Settings\Temp\Cookies\joseph kicinski@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Local Settings\Temp\Cookies\joseph kicinski@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Local Settings\Temp\Cookies\joseph kicinski@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\joseph kicinski.JOSEPH-NGM5HN2C\Local Settings\Temp\Cookies\joseph kicinski@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.6:C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Mozilla\Firefox\Profiles\r5wuoxxi.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Mozilla\Firefox\Profiles\r5wuoxxi.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
C:\WINDOWS\system32\winqvn32.dll -> Trojan.Agent.qt : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joe kicinski@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joseph kicinski@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joseph kicinski@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joseph kicinski@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joseph kicinski@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joseph kicinski@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joseph kicinski@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joseph kicinski@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joseph kicinski@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINDOWS\Temp\Cookies\joseph kicinski@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\win3B.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win46.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\winB6C.tmp.exe -> Hijacker.Small : Cleaned with backup
C:\WINDOWS\Temp\winB72.tmp.exe -> Downloader.IstBar.eq : Cleaned with backup
C:\WINDOWS\Temp\winB7C.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\winB90.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\winBAB.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup


::Report End


SmitFraudFix v2.53

Scan done at 13:11:39.88, Sat 06/03/2006
Run from C:\Documents and Settings\joe kicinski.JOSEPH-NGM5HN2C\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}"="alongshore"

[HKEY_CLASSES_ROOT\CLSID\{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}\InProcServer32]
@="C:\WINDOWS\system32\yhbdupd.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}\InProcServer32]
@="C:\WINDOWS\system32\yhbdupd.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\yhbdupd.dll Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\JOEKIC~2.JOS\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\SpywareQuake.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\yhbdupd.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

I will be getting one of those firewalls soon. Thanks for your help.
[ + quote]

This message has been edited since posting. Last time this message was edited on 3. June 2006 @ 11:02
Advertisement
_ 		__
 
_
JaPK
Senior Member
_ 		4. June 2006 @ 00:39 _ Link to this message    Send private message to this user   
Hi BunkrKing, looking quite good...

Move HijackThis into its own folder C:\HJT

Fix these two entries with HijackThis:

O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O20 - Winlogon Notify: winqvn32 - winqvn32.dll (file missing)

Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
Run ATF Cleaner -> Check select all -> Press Empty selected

Reboot your computer.

Post a fresh HjT log to here.
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 4. June 2006 @ 00:39
 
Page:12Next >
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > unclean computer - ulwindowseek popups
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork