						| gretel (Suspended due to non-functional email address) 
   | 25. May 2006 @ 17:27 |  Link to this message   | 
					
					
					
						| 
							
							Zlob-BN - Hi, ZLob-BN, ZLOB-BM and Hoaxalarm-V all arrived at the same time.  Seem to have gotten rid of the BM and Hoaxalarm with Avast - but the BN one is vicious and won't go away.  Now Avast just goes away when I click "Move to Chest" - nothing happens.  Here is a HijackThis log - I'm in trouble here... I think I posted this to a wrong thread earlier, too.  
Logfile of HijackThis v1.99.1
 Scan saved at 7:37:28 PM, on 5/25/2006
 Platform: Windows 2000 SP4 (WinNT 5.00.2195)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
 Running processes:
 C:\WINNT\System32\smss.exe
 C:\WINNT\system32\winlogon.exe
 C:\WINNT\system32\services.exe
 C:\WINNT\system32\lsass.exe
 C:\WINNT\system32\svchost.exe
 C:\WINNT\system32\spoolsv.exe
 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 C:\Program Files\Alwil Software\Avast4\ashServ.exe
 C:\PROGRA~1\AVG\avgamsvr.exe
 C:\PROGRA~1\AVG\avgupsvc.exe
 C:\WINNT\System32\cisvc.exe
 C:\WINNT\System32\svchost.exe
 C:\WINNT\system32\regsvc.exe
 C:\WINNT\system32\MSTask.exe
 C:\WINNT\System32\WBEM\WinMgmt.exe
 C:\WINNT\system32\MsPMSPSv.exe
 C:\WINNT\system32\svchost.exe
 C:\WINNT\System32\cidaemon.exe
 C:\WINNT\Explorer.EXE
 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 C:\WINNT\system32\dcomcfg.exe
 C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
 C:\PROGRA~1\AVG\avgcc.exe
 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 C:\PROGRA~1\SYSTEM~1\soap.exe
 C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
 C:\PROGRA~1\EACCEL~1\Station\station.exe
 C:\PROGRA~1\ACCELE~1\ANTI-V~1\STOPSI~1.EXE
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPZSTC04.EXE
 C:\HJT\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http...
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www...
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www...
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbub...
 R3 - Default URLSearchHook is missing
 F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
 O2 - BHO: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
 O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
 O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
 O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINNT\system32\hp100.tmp
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
 O3 - Toolbar: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
 O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
 O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
 O4 - HKLM\..\Run: [USSShReg] C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe /r
 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
 O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
 O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
 O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
 O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
 O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
 O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
 O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
 O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/n...
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
 O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgupsvc.exe
 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 | 
				
				
			
				
				
				
					
				
				
				
					
						| Senior Member 
   | 25. May 2006 @ 19:42 |  Link to this message   | 
					
					
					
						| 
							
							You got a nice collection of malware on your computer.
 You don't have a firewall on your computer. Download and install one firewall.
 
 These are good (free) firewalls:
 ZoneAlarm --> http://www.zonelabs.com
 Kerio--> http://www.sunbelt-software.com/Kerio.cfm
 Outpost-> http://www.agnitum.com
 
 Then you have two antiviruses on your computer (AVG, Avast). This is not recommended and it may cause slowdowns, crashes etc...
 
 So you should install one of them. Go to Control Panel -> Add/Remove programs -> Remove AVG OR Avast
 
 Cleaning instructions:
 
 Move HijackThis into its own folder C:\HJT
 
 Download LSPFix -> http://www.cexx.org/lspfix.htm to your desktop.
 Don't run this program yet. This program is used only if you lost your internet connection during the cleaning.
 
 Download and install Ewido anti-malware -> http://www.ewido.net/en/download
 Update it, but do NOT run a scan yet. We'll use it later.
 
 Go to Control Panel -> Add/Remove programs -> Remove New.Net, NewDotNet, Big Fish Games, Starware, System Soap Pro, eAcceleration, ClockSync if found
 
 --->IF New.Net or NewDotNet ain't listed in Add/Remove programs, do this<---
 
 1.Un-plug your internet cable.
 2.Disable your antispyware and antivirus
 3.Download NNuninstall to your desktop http://www.new.net/support/NNuninstall.exe
 4.Run NNuninstall.exe file.
 ->It asks if you want to remove New.Net
 ->Click Yes.
 ->When it is done click OK.
 ->Restart your computer
 5.Restart your antivirus
 6.Plug your internet cable back.
 7.Empty the recycle bin.
 
 (IF you lost your internet connection during the New.Net removal, double-click LSPFix.exe. Check the "I know what I'm doing" option. You see two panels; if something is listed in the "Remove" panel on the right side, leave it there and press "Finish>>". Then restart your computer and the connection should work. If nothing is listed in the "Remove" panel, DO NOTHING, close LSPFix. Go to some different machine to get help. (This is just a precaution. Usually the internet connection stays ok ;) )
 
 -->Then continue from here<---
 
 Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http...
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www...
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www...
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbub...
 R3 - Default URLSearchHook is missing
 O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
 O2 - BHO: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
 O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
 O3 - Toolbar: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
 O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
 O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
 O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
 O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
 O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
 
 Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
 Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml
 
 Delete these folders (if found):
 C:\Program Files\BFGTOO~1
 C:\Program Files\Starware
 C:\Program Files\NewDotNet
 C:\Program Files\eAcceleration
 C:\Program Files\Acceleration Software
 C:\Program Files\ClockSync
 C:\Program Files\System Soap Pro
 
 Delete these files (if found):
 C:\WINNT\web\related.htm
 
 Scan and clean your computer with Ewido and save the report.
 
 Clean the Recycle bin and make your hidden files visible again.
 
 Restart your computer normally.
 
 Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip
 
 Unzip it (folder named SmitFraudFix) to your desktop:
 
 Open the folder SmitfraudFix and double-click smitfraudfix.cmd
 Choose option #1 - Search by typing 1 and pressing "Enter"; a text file opens and lists the infected files (if those exist)
 
 Post the contents of this textfile to here.
 
 (Some antiviruses recognise process.exe as malware. It is not malware, it is a program that stops processes)
 
 Post the following logs to here:
 -> a fresh HijackThis log
 -> Ewido's log
 -> Log from SmitFraudFix
 
 Then we'll continue the cleaning process.
 | 
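Added example, not part of either poster's message: one way to triage HijackThis entries and to check which flagged entries are still present in the fresh log requested after "Fix checked". The sample lines are excerpted from the two HijackThis logs in this thread; the flagging rules (`missing-file`, `unnamed-bho`, `bho-not-dll`) and all function names are assumptions of this example, not HijackThis behaviour.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Entry lines look like "<code> - <description>", e.g. "O2 - BHO: name - {CLSID} - path".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)$")
CLSID_SECTIONS = {"O2", "O3", "O9"}  # sections laid out as "name - {CLSID} - file"


@dataclass(frozen=True)
class Entry:
    code: str               # section code such as R1, O2, O4
    text: str               # everything after "<code> - "
    clsid: Optional[str]    # CLSID for O2/O3/O9 entries, else None
    target: Optional[str]   # file the CLSID resolves to, if one is listed

    @property
    def key(self) -> Tuple[str, str]:
        # Identity used to match the same entry across two logs.
        return (self.code, (self.clsid or self.text).lower())


def parse(log: str) -> List[Entry]:
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, text = m.groups()
        clsid = target = None
        c = CLSID_RE.search(text) if code in CLSID_SECTIONS else None
        if c:
            clsid = c.group(0)
            # Drop the "(file missing)" / "(no file)" marker, keep the path.
            target = MISSING_RE.sub("", text[c.end():]).strip(" -") or None
        entries.append(Entry(code, text, clsid, target))
    return entries


def flags(e: Entry) -> List[str]:
    """Review hints only (assumed heuristics); a hit is not proof of infection."""
    out = []
    if MISSING_RE.search(e.text):
        out.append("missing-file")        # orphaned registration
    if e.code == "O2":
        if "(no name)" in e.text:
            out.append("unnamed-bho")
        if e.target and not e.target.lower().endswith(".dll"):
            out.append("bho-not-dll")     # BHO backed by a non-DLL file
    return out


def triage(log: str) -> List[Tuple[Entry, List[str]]]:
    return [(e, f) for e in parse(log) for f in [flags(e)] if f]


def persisting(before: str, after: str) -> List[Entry]:
    """Flagged entries from the first log that still appear in the fresh log."""
    after_keys = {e.key for e in parse(after)}
    return [e for e, _ in triage(before) if e.key in after_keys]


# Excerpt from the first HijackThis log in this thread.
BEFORE = r"""
Running processes:
C:\WINNT\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINNT\system32\hp100.tmp
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Excerpt from the fresh HijackThis log posted after the fixes.
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINNT\system32\hp100.tmp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

if __name__ == "__main__":
    for entry, hints in triage(BEFORE):
        print(entry.code, ",".join(hints), "|", entry.text)
    print("still present after fix:")
    for entry in persisting(BEFORE, AFTER):
        print(" ", entry.code, entry.clsid, entry.target)
```
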
				
				
			
				
				
				
				
				
					
						| gretel (Suspended due to non-functional email address) 
   | 26. May 2006 @ 00:56 |  Link to this message   | 
					
					
					
						| 
							
							OK - Thanks for the directions!  The machine is still slow as molasses but here are the logs - 
(I see there's a SpywareQuake program still on the drive - I'm afraid even to click on the folder - but have to get it off the computer.  What's the best way?)
 
 SmitFraudFix v2.48
 
 Scan done at  2:14:21.49, Fri 05/26/2006
 Run from C:\Desktop\smitfraudFix
 OS: Microsoft Windows 2000 [Version 5.00.2195]
 Fix ran in normal mode
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32
 
 C:\WINNT\system32\dcomcfg.exe FOUND !
 C:\WINNT\system32\hp????.tmp FOUND !
 C:\WINNT\system32\ld????.tmp FOUND !
 C:\WINNT\system32\ot.ico FOUND !
 C:\WINNT\system32\regperf.exe FOUND !
 C:\WINNT\system32\simpole.tlb FOUND !
 C:\WINNT\system32\stdole3.tlb FOUND !
 C:\WINNT\system32\ts.ico FOUND !
 C:\WINNT\system32\1024\ FOUND !
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gretchen Mannix\Application Data
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Start Menu
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GRETCH~1\FAVORI~1
 
 C:\DOCUME~1\GRETCH~1\FAVORI~1\Antivirus Test Online.url FOUND !
 
 »»»»»»»»»»»»»»»»»»»»»»»» Desktop
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
 
 C:\Program Files\Security Toolbar\ FOUND !
 C:\Program Files\SpywareQuake.com\ FOUND !
 
 »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
 "Source"="About:Home"
 "SubscribedURL"="About:Home"
 "FriendlyName"="My Current Home Page"
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
 !!!Attention, following keys are not inevitably infected!!!
 
 SrchSTS.exe by S!Ri
 Search SharedTaskScheduler's .dll
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
 "{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"
 
 [HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
 @="C:\WINNT\system32\wfkduei.dll"
 
 [HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
 @="C:\WINNT\system32\wfkduei.dll"
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» End
 
 
 
 Logfile of HijackThis v1.99.1
 Scan saved at 3:34:05 AM, on 5/26/2006
 Platform: Windows 2000 SP4 (WinNT 5.00.2195)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
 Running processes:
 C:\WINNT\System32\smss.exe
 C:\WINNT\system32\winlogon.exe
 C:\WINNT\system32\services.exe
 C:\WINNT\system32\lsass.exe
 C:\WINNT\system32\svchost.exe
 C:\WINNT\system32\spoolsv.exe
 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 C:\Program Files\Alwil Software\Avast4\ashServ.exe
 C:\WINNT\System32\cisvc.exe
 C:\WINNT\System32\svchost.exe
 C:\Program Files\ewido anti-malware\ewidoctrl.exe
 C:\Program Files\ewido anti-malware\ewidoguard.exe
 C:\WINNT\system32\regsvc.exe
 C:\WINNT\system32\MSTask.exe
 C:\WINNT\System32\WBEM\WinMgmt.exe
 C:\WINNT\system32\MsPMSPSv.exe
 C:\WINNT\system32\svchost.exe
 C:\WINNT\Explorer.EXE
 C:\WINNT\system32\dcomcfg.exe
 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 C:\WINNT\System32\cidaemon.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\HJT\HijackThis.exe
 C:\HJT\HijackThis.exe
 
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
 O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINNT\system32\hp100.tmp
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
 O4 - HKLM\..\Run: [USSShReg] C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe /r
 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
 O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
 O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
 O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice
 O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINNT\is-AN6QG.exe" /REG
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
 O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
 O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
 O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/n...
 O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
 O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
 O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
 O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
 
 ewido anti-malware - Process report
 ---------------------------------------------------------
 
 ewido anti-malware - Scan report
 ---------------------------------------------------------
 
 + Created on:			1:51:35 AM, 5/26/2006
 + Report-Checksum:		57F094E4
 
 + Scan result:
 
 HKLM\SOFTWARE\Classes\AppID\WeatherOnTray.EXE -> Adware.HotBar : Cleaned with backup
 HKLM\SOFTWARE\Classes\CLSID\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} -> Adware.Generic : Cleaned with backup
 HKLM\SOFTWARE\Classes\CLSID\{D49E9D35-254C-4c6a-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup
 HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup
 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{736b5468-bdad-41be-92d0-22ae2ddf7bcb} -> Adware.Generic : Cleaned with backup
 HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup
 HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup
 HKLM\SOFTWARE\WhenUSave\Partners\SYNC -> Adware.SaveNow : Cleaned with backup
 HKU\S-1-5-21-2025429265-1935655697-1060284298-1000\Software\WhenU -> Adware.SaveNow : Cleaned with backup
 HKU\S-1-5-21-2025429265-1935655697-1060284298-1000\Software\WhenU\ClockSync -> Adware.SaveNow : Cleaned with backup
 C:\Desktop\NNuninstall.exe -> Adware.NewDotNet : Cleaned with backup
 :mozilla.7:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
 :mozilla.8:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
 :mozilla.10:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
 :mozilla.11:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
 :mozilla.27:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
 :mozilla.28:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
 :mozilla.29:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
 :mozilla.30:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
 :mozilla.38:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
 :mozilla.39:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
 :mozilla.51:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
 :mozilla.52:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
 :mozilla.58:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
 :mozilla.62:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
 :mozilla.63:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
 :mozilla.64:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
 :mozilla.65:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
 :mozilla.66:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
 :mozilla.67:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
 :mozilla.68:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
 :mozilla.69:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
 :mozilla.70:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
 :mozilla.71:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
 :mozilla.72:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
 :mozilla.73:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
 :mozilla.74:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
 :mozilla.75:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
 :mozilla.76:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
 :mozilla.77:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
 :mozilla.79:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.80:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.81:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.82:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.83:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
 :mozilla.92:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
 :mozilla.93:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
 :mozilla.94:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
 :mozilla.95:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
 :mozilla.112:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.113:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.114:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.121:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
 :mozilla.122:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
 :mozilla.133:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
 :mozilla.137:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
 :mozilla.138:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
 :mozilla.139:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
 :mozilla.140:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
 :mozilla.141:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.142:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.143:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.144:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.145:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.210:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
 :mozilla.216:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
 :mozilla.217:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
 :mozilla.218:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
 :mozilla.233:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
 :mozilla.236:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
 :mozilla.239:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
 :mozilla.240:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
 :mozilla.241:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
 :mozilla.242:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
 :mozilla.244:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
 :mozilla.245:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
 :mozilla.258:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
 :mozilla.259:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
 :mozilla.260:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
 :mozilla.274:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
 :mozilla.275:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
 :mozilla.283:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.284:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.285:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.286:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.287:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.288:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.289:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.290:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.291:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.292:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.293:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.294:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.295:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.296:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.297:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.298:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.299:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.300:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.301:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.302:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.303:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.304:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.305:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.306:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.307:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.308:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.309:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.310:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.311:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.312:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.313:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.314:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.315:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.316:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.317:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.342:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
 :mozilla.343:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
 :mozilla.344:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
 :mozilla.345:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
 :mozilla.346:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
 :mozilla.347:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
 :mozilla.348:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
 :mozilla.363:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
 :mozilla.364:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.365:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
 :mozilla.366:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
 :mozilla.367:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.368:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
 :mozilla.369:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
 :mozilla.370:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.371:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
 :mozilla.372:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
 :mozilla.373:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.374:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.375:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.376:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.377:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
 :mozilla.378:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
 :mozilla.379:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
 :mozilla.380:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
 :mozilla.381:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
 :mozilla.420:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
 :mozilla.442:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.443:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.446:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
 :mozilla.447:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
 :mozilla.448:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
 :mozilla.449:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
 :mozilla.450:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
 :mozilla.457:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.458:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.459:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.460:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.461:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.482:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.483:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.486:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
 :mozilla.487:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
 :mozilla.546:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup
 :mozilla.549:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup
 :mozilla.580:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
 :mozilla.582:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.584:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.591:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
 :mozilla.624:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.625:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.626:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.632:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.648:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
 :mozilla.649:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
 :mozilla.657:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
 :mozilla.658:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
 :mozilla.659:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
 :mozilla.669:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
 :mozilla.673:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.685:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
 :mozilla.686:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
 :mozilla.687:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
 :mozilla.688:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
 :mozilla.693:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
 :mozilla.696:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
 :mozilla.697:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
 :mozilla.698:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
 :mozilla.722:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
 :mozilla.752:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.753:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.755:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.780:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
 :mozilla.783:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.784:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.785:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.787:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
 :mozilla.794:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.795:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.796:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.797:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.840:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.842:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
 :mozilla.844:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
 :mozilla.845:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
 :mozilla.862:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
 :mozilla.865:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.867:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.868:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.869:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 :mozilla.876:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
 :mozilla.881:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.912:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
 :mozilla.913:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
 :mozilla.966:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
 :mozilla.967:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
 :mozilla.968:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
 :mozilla.974:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
 :mozilla.975:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
 :mozilla.991:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@centrport[2].txt -> TrackingCookie.Centrport : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Cookies\gretchen mannix@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@x10[1].txt -> TrackingCookie.X10 : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Local Settings\Temp\Cookies\gretchen mannix@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Start Menu\Programs\WhenU\Learn More About Save!.url -> Adware.SaveNow : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Start Menu\Programs\WhenU\Learn More About SaveNow.url -> Adware.SaveNow : Cleaned with backup
 C:\Documents and Settings\Gretchen Mannix\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup
 C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup
 C:\Program Files\Save\ReadMe.txt -> Adware.SaveNow : Cleaned with backup
 C:\Program Files\Save\save.db -> Adware.SaveNow : Cleaned with backup
 C:\Program Files\Save\save.htm -> Adware.SaveNow : Cleaned with backup
 C:\WINNT\base64.tmp -> Worm.NetSky.q : Cleaned with backup
 
 
 ::Report End+ Created on:			3:47:12 AM, 5/26/2006
 + Report-Checksum:		9BA0BAC1
 
 0: System Process
 8: System Process
 168: \SystemRoot\System32\smss.exe
 192: \??\C:\WINNT\system32\csrss.exe
 212: \??\C:\WINNT\system32\winlogon.exe
 236: C:\WINNT\System32\cidaemon.exe
 240: C:\WINNT\system32\services.exe
 252: C:\WINNT\system32\lsass.exe
 424: C:\WINNT\system32\svchost.exe
 456: C:\WINNT\system32\spoolsv.exe
 524: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 544: C:\Program Files\Alwil Software\Avast4\ashServ.exe
 572: C:\WINNT\System32\cisvc.exe
 588: C:\WINNT\System32\svchost.exe
 604: C:\Program Files\ewido anti-malware\ewidoctrl.exe
 620: C:\Program Files\ewido anti-malware\ewidoguard.exe
 692: C:\WINNT\system32\regsvc.exe
 736: C:\WINNT\system32\MSTask.exe
 788: C:\WINNT\System32\WBEM\WinMgmt.exe
 852: C:\WINNT\system32\MsPMSPSv.exe
 864: C:\WINNT\system32\svchost.exe
 1052: C:\Program Files\Mozilla Firefox\firefox.exe
 1064: C:\WINNT\Explorer.EXE
 1216: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 1228: C:\WINNT\system32\dcomcfg.exe
 1236: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 1240: C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
 1272: C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
 1280: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 1312: C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
 1352: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 1440: C:\Program Files\ewido anti-malware\SecuritySuite.exe
 
 Whew.
 | 
				
				
			
				
				
				
				
				
					
						| Senior Member | 26. May 2006 @ 01:51 |
					
					
					
						| 
							
							Ok very good, now we'll get the rest of the infections cleaned, including the SpyQuake....
 Restart your computer to the safemode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml
 
 When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
 Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.
 
 You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.
 
 The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".
 
 The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
 A textfile will appear after the cleaning process, copy this file and paste it to here.
 
 The log is saved to your local diskdrive, usually C:\rapport.txt.
 
 Warning : Running option 2 in a clean computer will delete your desktop wallpaper.
 
 Post a new HijackThis log and contents of C:\rapport.txt
 | 
				
				
			
				
				
				
				
				
					
						| gretel (Suspended due to non-functional email address) | 26. May 2006 @ 03:20 |
					
					
					
						| 
							
							Can't delete WINNT:/system32 files in Fraudfix clean mode - says being used by another process
							
						 | 
				
				
			
				
				
				
				
				
					
						| Senior Member | 26. May 2006 @ 03:28 |
					
					
					
						| 
							
							Did you run SmitfraudFix with option 2 ?
 Could you post the whole error message? Did you try from safe mode?
 
 Please post the contents of C:\Rapport.txt to here.
 This message has been edited since posting. Last time this message was edited on 26. May 2006 @ 03:29 | 
				
				
			
				
				
				
				
				
					
						| gretel (Suspended due to non-functional email address) | 26. May 2006 @ 06:38 |
					
					
					
						| 
							
							I think I was too tired.  When I woke up just now and tried to do that I found I hadn't yet clicked yes to cleaning the registry.  Have to reboot.
							
						 | 
				
				
			
				
				
				
				
				
					
						| gretel (Suspended due to non-functional email address) | 26. May 2006 @ 07:02 |
					
					
					
						| 
							
							I had left it in safe mode when I went to sleep - hadn't tried to update the register in FixFraud - it wouldn't let me now - do I have to reboot in safe mode or is normal mode ok to run fixFraud again?
							
						 | 
				
				
			
				
				
				
				
				
					
						| gretel (Suspended due to non-functional email address) | 26. May 2006 @ 07:09 |
					
					
					
						| 
							
							Also - Avast has told me I should turn off reorder in windows to get rid of virus - should I have done this before I started the whole process?
							
						 | 
				
				
			
				
				
				
				
				
					
						| Senior Member | 26. May 2006 @ 09:37 |
					
					
					
						| 
							
							Ok I'm not really sure what you mean by that because I don't use Avast. But I think that you could turn it off before the cleaning if Avast needs it to be done.
							
						 | 
				
				
			
				
				
				
				
				
					
						| gretel (Suspended due to non-functional email address) | 26. May 2006 @ 10:16 |
					
					
					
						| 
							
							Well, I think it's clean.  Thank you so much for all your help.  One last question:  do I need both an anti-virus (like avast or AVG) AND the anti-malware Ewido or just one?  Again - thanks for your patience.
							
						 | 
				
				
			
				
				
				
				
				
					
						| Senior Member | 26. May 2006 @ 10:36 |
					
					
					
						| 
							
							Please post the contents of C:\rapport.txt so we can see if you're clean...
 You can keep Avast and Ewido and scan your computer regularly with those....
 This message has been edited since posting. Last time this message was edited on 26. May 2006 @ 10:36 | 
				
				
			
				
				
				
				
				
					
						| gretel (Suspended due to non-functional email address) | 26. May 2006 @ 10:46 |
					
					
					
						| 
							
							Here's rapport - although after this ewido found 17 cookie tracking files in FireFox msgr7 that are now quarantined.  Here's report from that too - these are files that were quarantined
 ---------------------------------------------------------
 ewido anti-malware - Scan report
 ---------------------------------------------------------
 
 + Created on:			12:44:37 PM, 5/26/2006
 + Report-Checksum:		D2D7264D
 
 + Scan result:
 
 :mozilla.26:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
 :mozilla.28:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
 :mozilla.29:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
 :mozilla.30:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
 :mozilla.31:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
 :mozilla.32:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
 :mozilla.33:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
 :mozilla.34:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
 :mozilla.35:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.36:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.37:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
 :mozilla.38:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.39:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.40:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
 :mozilla.41:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
 :mozilla.42:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
 :mozilla.43:C:\Documents and Settings\Gretchen Mannix\Application Data\Mozilla\Firefox\Profiles\m7dwgbws.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
 
 
 ::Report End
 
 SmitFraudFix v2.48
 
 Scan done at  2:14:21.49, Fri 05/26/2006
 Run from C:\Desktop\smitfraudFix
 OS: Microsoft Windows 2000 [Version 5.00.2195]
 Fix ran in normal mode
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32
 
 C:\WINNT\system32\dcomcfg.exe FOUND !
 C:\WINNT\system32\hp????.tmp FOUND !
 C:\WINNT\system32\ld????.tmp FOUND !
 C:\WINNT\system32\ot.ico FOUND !
 C:\WINNT\system32\regperf.exe FOUND !
 C:\WINNT\system32\simpole.tlb FOUND !
 C:\WINNT\system32\stdole3.tlb FOUND !
 C:\WINNT\system32\ts.ico FOUND !
 C:\WINNT\system32\1024\ FOUND !
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gretchen Mannix\Application Data
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Start Menu
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GRETCH~1\FAVORI~1
 
 C:\DOCUME~1\GRETCH~1\FAVORI~1\Antivirus Test Online.url FOUND !
 
 »»»»»»»»»»»»»»»»»»»»»»»» Desktop
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
 
 C:\Program Files\Security Toolbar\ FOUND !
 C:\Program Files\SpywareQuake.com\ FOUND !
 
 »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
 "Source"="About:Home"
 "SubscribedURL"="About:Home"
 "FriendlyName"="My Current Home Page"
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
 !!!Attention, following keys are not inevitably infected!!!
 
 SrchSTS.exe by S!Ri
 Search SharedTaskScheduler's .dll
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
 "{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"
 
 [HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
 @="C:\WINNT\system32\wfkduei.dll"
 
 [HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
 @="C:\WINNT\system32\wfkduei.dll"
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» End
 | 
				
				
			
				
				
				
				
				
					
						| Senior Member | 26. May 2006 @ 10:57 |
					
					
					
						| 
							
							Ok not clean yet...
 Restart your computer to the safemode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml
 
 When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
 Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.
 
 You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.
 
 The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".
 
 The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
 A textfile will appear after the cleaning process, copy this file and paste it to here.
 
 The log is saved to your local diskdrive, usually C:\rapport.txt.
 
 Warning : Running option 2 in a clean computer will delete your desktop wallpaper.
 
 So post the new contents of C:\rapport.txt when you're ready...
 This message has been edited since posting. Last time this message was edited on 26. May 2006 @ 10:58 | 
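
How the rapport.txt reports posted in this thread can be read mechanically, as an added example that is not part of the original posts and is not SmitFraudFix's own code. It assumes only the layout visible in the logs above (section lines starting with `»»»`, paths ending in `FOUND !`, .reg-style key blocks); the function names and the triage wording are hypothetical.

```python
import re

SECTION = re.compile(r"^»{3,}\s*(.+?)\s*$")       # section banner line
FOUND = re.compile(r"^(.+?)\s+FOUND !$")          # "<path> FOUND !"
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")      # "[HKEY_...]"
REG_VALUE = re.compile(r'^(@|"[^"]*")="(.*)"$')   # '"name"="data"' or '@="data"'
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MODE = re.compile(r"^Fix ran in (\w+) mode$")

def parse_rapport(text):
    """Parse a rapport.txt into run mode, detections per section, and
    SharedTaskScheduler entries resolved to their InProcServer32 DLL."""
    report = {"mode": None, "found": {}, "sts": {}}
    section = key = None
    dlls = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MODE.match(line):
            report["mode"] = m.group(1)
        elif m := SECTION.match(line):
            section, key = m.group(1), None
        elif (m := FOUND.match(line)) and section:
            report["found"].setdefault(section, []).append(m.group(1))
        elif m := REG_KEY.match(line):
            key = m.group(1)
        elif (m := REG_VALUE.match(line)) and key:
            name, data = m.group(1).strip('"'), m.group(2)
            low = key.lower()
            if low.endswith(r"\explorer\sharedtaskscheduler"):
                report["sts"][name.lower()] = {"name": data, "dll": None}
            elif low.endswith(r"\inprocserver32") and name == "@":
                if c := CLSID.search(key):
                    dlls[c.group(0).lower()] = data
    # Join each registered CLSID with the DLL its InProcServer32 key points to.
    for clsid, dll in dlls.items():
        if clsid in report["sts"]:
            report["sts"][clsid]["dll"] = dll
    return report

def triage(report):
    """Assumed rule of thumb: any FOUND line means the machine is not clean.
    SharedTaskScheduler entries are only flagged for review, because the
    report itself says those keys are 'not inevitably infected'."""
    if report["found"]:
        return "not clean: files still detected"
    if report["sts"]:
        return "review: SharedTaskScheduler entries listed"
    return "no detections listed"

# Excerpt of the normal-mode report posted in this thread (shortened).
SAMPLE = r"""SmitFraudFix v2.48
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

C:\WINNT\system32\dcomcfg.exe FOUND !
C:\WINNT\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpywareQuake.com\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"

[HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINNT\system32\wfkduei.dll"

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

if __name__ == "__main__":
    parsed = parse_rapport(SAMPLE)
    print(parsed["mode"], triage(parsed))
    for clsid, entry in parsed["sts"].items():
        print(clsid, entry["name"], entry["dll"])
```

The `mode` field is worth checking first: the report above was produced in normal mode, while the instructions in this thread call for running the clean step from safe mode.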
				
				
			
				
				
				
				
				
					
						| gretel (Suspended due to non-functional email address) | 26. May 2006 @ 11:40 |
					
					
					
						| 
							
							Here's rapport -- now 2 pass2 icons are in c:\ - from registry cleaning I guess.  Do I leave them there?
 SmitFraudFix v2.48
 
 Scan done at 14:14:12.57, Fri 05/26/2006
 Run from C:\Desktop\smitfraudFix
 OS: Microsoft Windows 2000 [Version 5.00.2195]
 Fix ran in safe mode
 
 »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
 !!!Attention, following keys are not inevitably infected!!!
 
 SrchSTS.exe by S!Ri
 Search SharedTaskScheduler's .dll
 
 »»»»»»»»»»»»»»»»»»»»»»»» Killing process
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
 
 GenericRenosFix by S!Ri
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
 Registry Cleaning done.
 
 »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
 !!!Attention, following keys are not inevitably infected!!!
 
 SrchSTS.exe by S!Ri
 Search SharedTaskScheduler's .dll
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» End
 | 
				
				
			
				
				
				
				
				
					
						| Senior Member | 26. May 2006 @ 21:50 |
					
					
					
						| 
							
							Ok now it is looking clean, please post one more HijackThis log here so we can see if there are any leftovers...
 You can delete those temporary files from C:\
 This message has been edited since posting. Last time this message was edited on 26. May 2006 @ 21:50 | 
				
				
			
				
				
				
				
				
					
						| gretel (Suspended due to non-functional email address) | 26. May 2006 @ 21:59 |
					
					
					
						| 
							
							Here is hijack file - by the temp files I can delete - you mean the Pass2 files or ones in the temp folder?   Thanks
 Logfile of HijackThis v1.99.1
 Scan saved at 12:52:39 AM, on 5/27/2006
 Platform: Windows 2000 SP4 (WinNT 5.00.2195)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
 Running processes:
 C:\WINNT\System32\smss.exe
 C:\WINNT\system32\winlogon.exe
 C:\WINNT\system32\services.exe
 C:\WINNT\system32\lsass.exe
 C:\WINNT\system32\svchost.exe
 C:\WINNT\system32\spoolsv.exe
 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 C:\Program Files\Alwil Software\Avast4\ashServ.exe
 C:\WINNT\System32\cisvc.exe
 C:\WINNT\System32\svchost.exe
 C:\Program Files\ewido anti-malware\ewidoctrl.exe
 C:\Program Files\ewido anti-malware\ewidoguard.exe
 C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
 C:\WINNT\system32\regsvc.exe
 C:\WINNT\system32\MSTask.exe
 C:\WINNT\System32\WBEM\WinMgmt.exe
 C:\WINNT\system32\MsPMSPSv.exe
 C:\WINNT\system32\svchost.exe
 C:\WINNT\Explorer.EXE
 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 C:\WINNT\System32\cidaemon.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\HJT\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
 O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
 O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
 O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
 O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
 O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
 O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
 O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/n...
 O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
 O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
 O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
 O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
 | 
				
				
			
				
				
				
				
				
					
						| Senior Member | 26. May 2006 @ 22:14 |
					
					
					
						|  | 
				
				
			
				
				
				
				
				
					
						| gretel (Suspended due to non-functional email address) | 26. May 2006 @ 23:21 |
					
					
					
						| 
							
							:) you too (:  I'll do all those things! Thank you
							
						 | 
				
				
			
				
				
				
					
				
				
				
					
						| Senior Member | 27. May 2006 @ 08:22 |
					
					
					
						| 
							
							You're welcome :)
 
 I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
 This message has been edited since posting. Last time this message was edited on 27. May 2006 @ 08:22 |