Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Sunday 24.11.2024 / 16:24
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > unclean computer - ulwindowseek popups
Show topics
 
Forums
Forums
Unclean Computer - UlWindowSeek popups
  Jump to:
 
Posted Message
Page:< Previous12
DZG
Newbie
_ 		4. June 2006 @ 04:41 _ Link to this message    Send private message to this user   
Hi. I'm having the same problem with DiRect...
Could you help, too?

Hijack This
Logfile of HijackThis v1.99.1
Scan saved at 8:39:29 PM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS2\System32\smss.exe
D:\WINDOWS2\system32\winlogon.exe
D:\WINDOWS2\system32\services.exe
D:\WINDOWS2\system32\lsass.exe
D:\WINDOWS2\system32\svchost.exe
D:\WINDOWS2\System32\svchost.exe
D:\WINDOWS2\system32\spoolsv.exe
D:\WINDOWS2\system32\drivers\KodakCCS.exe
C:\Useful Drive C\Monti's Files\Alias\Maya7.0\docs\wrapper.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Useful Drive C\Monti's Files\Alias\Maya7.0\docs\jre\bin\java.exe
D:\WINDOWS2\system32\svchost.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
D:\WINDOWS2\explorer.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
D:\WINDOWS2\system32\ctfmon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS2\NOTEPAD.EXE
D:\Documents and Settings\IMBAO\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS2\system32\ctfmon.exe
O20 - Winlogon Notify: winopn32 - D:\WINDOWS2\SYSTEM32\winopn32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINDOWS2\system32\drivers\KodakCCS.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Useful Drive C\Monti's Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Useful Drive C\Monti's Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Useful Drive C\Monti's Files\Autodesk\3DS Max\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

SmitfraudFix
SmitFraudFix v2.53

Scan done at 20:38:57.87, Sun 06/04/2006
Run from D:\Documents and Settings\IMBAO\Desktop\SmitFraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS2


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS2\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS2\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS2\system32


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\IMBAO\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\IMBAO\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




What should I do?
[ + quote]
Advertisement
_ 		__
tapiiri
Senior Member
_ 		4. June 2006 @ 04:53 _ Link to this message    Send private message to this user   
Hi DZG, JaPk is busy.
Your smithfraudfix rapport is ok. But you have MediaTickets malware

Download Killbox to your desktop -> http://www.downloads.subratam.org/KillBox.zip
Unzip it to your desktop.

Run Killbox.exe
-> Choose Delete on Reboot
-> Click All Files option.

Copy the following lines to your clipboard (choose text with your mouse, press CTRL+C or copy)

D:\WINDOWS2\SYSTEM32\winopn32.dll

Then go back to Killbox
-> go to File
-> choose Paste from Clipboard
-> Click the red-white Delete File option.
-> Click Yes to Delete on Reboot question
-> Click OK to any PendingFileRenameOperations requests (and tell me if you get any of these!)
-> Restart your computer if Killbox won't do it.

(If you get this error when running Killbox: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.", download Missingfilessetup.exe form here to your desktop and run the file, then try running killbox -> http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe)

Scan HijackThis and check:

O20 - Winlogon Notify: winopn32 - D:\WINDOWS2\SYSTEM32\winopn32.dll

Close all windows exept HijackThis and click fix checked.

Boot your comp

Send a fresh HijackThis log
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
DZG
Newbie
_ 		4. June 2006 @ 05:11 _ Link to this message    Send private message to this user   
Hmm... So far there aren't any popups... :)
I hope this works!

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 9:09:29 PM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS2\System32\smss.exe
D:\WINDOWS2\system32\winlogon.exe
D:\WINDOWS2\system32\services.exe
D:\WINDOWS2\system32\lsass.exe
D:\WINDOWS2\system32\svchost.exe
D:\WINDOWS2\System32\svchost.exe
D:\WINDOWS2\system32\spoolsv.exe
D:\WINDOWS2\system32\drivers\KodakCCS.exe
C:\Useful Drive C\Monti's Files\Alias\Maya7.0\docs\wrapper.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
D:\WINDOWS2\system32\svchost.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Useful Drive C\Monti's Files\Alias\Maya7.0\docs\jre\bin\java.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
D:\WINDOWS2\Explorer.EXE
D:\Documents and Settings\IMBAO\Desktop\HijackThis.exe
D:\WINDOWS2\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS2\system32\ctfmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINDOWS2\system32\drivers\KodakCCS.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Useful Drive C\Monti's Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Useful Drive C\Monti's Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Useful Drive C\Monti's Files\Autodesk\3DS Max\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
[ + quote]
tapiiri
Senior Member
_ 		4. June 2006 @ 05:29 _ Link to this message    Send private message to this user   
Its gone,

check those:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm

delete that file:

D:\windows\system32\ >>blank.htm

Boot comp.

If appears popups send a fresh HijackThis log

[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
DZG
Newbie
_ 		4. June 2006 @ 05:36 _ Link to this message    Send private message to this user   
Hooray! Currently, there hasn't been any popups!

Thank you so much, tapiiri!

:) :) :)
[ + quote]
tapiiri
Senior Member
_ 		4. June 2006 @ 05:39 _ Link to this message    Send private message to this user   
You're Wellcome.
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
notdan
Newbie
_ 		4. June 2006 @ 07:28 _ Link to this message    Send private message to this user   
Hey. I have the same problem as all the people in this thread. I've read pratically all these comments and I still haven't been able to remove it. Anyone willing to help? Would be greatly appreciated.

HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 16:26:26, on 04/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\wamp\apache2\bin\Apache.exe
D:\wamp\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
D:\wamp\apache2\bin\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
D:\wamp\wampserver.exe
C:\Program Files\Rainlendar\Rainlendar.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\Samurize\Client.exe
D:\Program Files\Samurize\Client.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Opera\Opera.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Documents and Settings\Not Dan\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www....
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Transparent Analog Clock] <NonRun>
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: WampServer.lnk = D:\wamp\wampserver.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Client FooBar.lnk = D:\Program Files\Samurize\Client.exe
O4 - Startup: Client desk.lnk = D:\Program Files\Samurize\Client.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.12/WinSSWebAgent.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSw...
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSw...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winqpa32 - C:\WINDOWS\SYSTEM32\winqpa32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: wampapache - Unknown owner - D:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - D:\wamp\mysql\bin\mysqld-nt.exe

Thanks
[ + quote]
BunkrKing
Newbie
_ 		4. June 2006 @ 10:31 _ Link to this message    Send private message to this user   
Ok, it seems that my PC is running much better now =). Here is my latest HjT log.


Logfile of HijackThis v1.99.1
Scan saved at 2:28:01 PM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

And I can't thank you enough man. These pop-ups were driving me insane.
[ + quote]
JaPK
Senior Member
_ 		4. June 2006 @ 19:49 _ Link to this message    Send private message to this user   
@BunkrKing
Ok good, you're clean and welcome :)

You don't have a firewall on your computer. Download and install one firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

Then you have an outdated java, update it to latest version (1.5 update 07).

1. Click "Start"-> "Control panel" -> Double-click Java icon (coffee cup)
2. Move to "Update" tab and update Java by clicking "Update Now". After that do a restart.
3. If you can't make automatic update, get new version manually from here -> http://java.sun.com/j2se/1.5.0/download.jsp
4. After updating, uninstall the old Java if found from Add/Remove Programs, named as Java 2 Runtime Environment, SE v1.4.2_03


Now that you're clean, here are some tips how to stay clean.

-> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

-> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

-> Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.

-> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.

-> Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.

-> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed to your computer.

-> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.

-> Change your browser to Firefox -> http://www.mozilla.org
Firefox is faster, safer and quicker browser than Internet Explorer.

-> Keep your systen up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.

-> Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

-> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
So how did I get infected in the first place?

Stay clean ;)
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
purkake
Newbie
_ 		5. June 2006 @ 00:30 _ Link to this message    Send private message to this user   
Hello, I also have a problem with the ULWindowSEEK and ULWindowURL.

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 11:30:16, on 5.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\WINDOWS\system32\e5d7607b.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Purka\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [e5d7607b.exe] C:\WINDOWS\system32\e5d7607b.exe
O4 - HKLM\..\RunServices: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\serbw.exe
O4 - HKCU\..\RunServices: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
O4 - HKCU\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
O4 - HKCU\..\RunServices: [aux.exe] \\?\C:\WINDOWS\System32\aux.exe
O4 - HKCU\..\RunServices: [regdata.exe] C:\WINDOWS\System32\regdata.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O17 - HKLM\System\CCS\Services\Tcpip\..\{B00F237F-28CA-4237-8666-F2B632817A20}: NameServer = 194.126.115.18 194.126.101.34
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks in advance ;)
[ + quote]
tapiiri
Senior Member
_ 		5. June 2006 @ 07:16 _ Link to this message    Send private message to this user   
Hi purkake and notdan

Why you didn't open own thread, please. You'll get help, too
It' more difficult to us make instructions in this way

This instuction is to both of you :
Please download ewido anti malware it is a free version of the program -> http://www.ewido.net/en/download/

1. Install ewido security suite
2. When installing, under "Additional Options" uncheck..
* Install background guard
* Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates -> http://www.ewido.net/en/download/updates/

Once the updates are installed do the following:

Reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Then launch ewido:

* Click on scanner
* Click settings
* put mark to Scan every file
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

Reboot back to normal mode

Send ewido report and a fresh HjT log.
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
purkake
Newbie
_ 		5. June 2006 @ 12:23 _ Link to this message    Send private message to this user   
Nice to see some Finnish people here, I'm from Estonia :) Also it seems that the pop-ups stopped...
So here are the reports:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 23:05:33, 5.06.2006
+ Report-Checksum: 13DA76DC

+ Scan result:

HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Adware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Adware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CLSID -> Adware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CurVer -> Adware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\WildMedia -> Adware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\WildMedia\LicenseStores -> Adware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\zango -> Adware.Zango : Cleaned with backup
[240] C:\WINDOWS\system32\winyxb32.dll -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\SecTaskMan\QuickSearchBar1_27.dll.q_D9FB003_q -> Adware.Quick : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adbutler : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adbutler : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Xxxcounter : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.430:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.456:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.468:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.471:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.496:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.511:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.512:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.513:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.514:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.557:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.559:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.565:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.616:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.632:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.677:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.687:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.688:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.689:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.690:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.691:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.717:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.720:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.721:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.734:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.735:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.736:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.737:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.750:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.751:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.761:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.783:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.789:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.806:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.807:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.831:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.868:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.884:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Dbbsrv : Cleaned with backup
:mozilla.888:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.889:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.892:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.893:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.894:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.923:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.925:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.929:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.933:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.940:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.955:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.956:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.960:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.961:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.970:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.478:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.479:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.491:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.498:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.511:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.519:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.520:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.521:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.556:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.557:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.592:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.593:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.594:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.596:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.616:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.617:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.629:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.635:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.639:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.645:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.646:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.662:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Etracker : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Etracker : Cleaned with backup
:mozilla.669:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.670:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.671:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.672:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.673:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.674:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.719:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.720:C:\Documents and Settings\Purka\Application Data\Mozilla\Firefox\Profiles\default.ecy\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Purka\Cookies\purka@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Purka\Desktop\Purka oma\colin_macrae_rally_4_keygen.exe -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\cli100C.tmp -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\cli100F.tmp -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\cli1013.tmp -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\cli1016.tmp -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\cli1017.tmp -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\cli101E.tmp -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\cli101F.tmp -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\cli1029.tmp -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\cli102A.tmp -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\cliFCB.tmp -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\cliFD7.tmp -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\cliFEE.tmp -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temp\winFE0.tmp -> Downloader.IstBar.eq : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temporary Internet Files\Content.IE5\0AKLV5XP\srvkws[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temporary Internet Files\Content.IE5\DKFBHU50\srvpus[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temporary Internet Files\Content.IE5\FGHIM50Y\rdgEE2404[2].exe -> Downloader.Small.czm : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temporary Internet Files\Content.IE5\FGHIM50Y\srvcae[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temporary Internet Files\Content.IE5\FGHIM50Y\srvlgh[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temporary Internet Files\Content.IE5\FGHIM50Y\wizip32[1].exe -> Hijacker.Small.kx : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temporary Internet Files\Content.IE5\SLC9IFYP\srvlqa[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Purka\Local Settings\Temporary Internet Files\Content.IE5\SLC9IFYP\srvvqt[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Program Files\FileSubmit\Alien Vs Predator\NNEZTA388.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\FileSubmit\Alien Vs Predator\TBEZA127Q.exe -> Adware.Quick : Cleaned with backup
C:\Program Files\INSTAFIN -> Adware.404Search : Cleaned with backup
C:\Program Files\INSTAFIN\Cache -> Adware.404Search : Cleaned with backup
C:\Program Files\INSTAFIN\Cache\instafintb0300.cfg -> Adware.404Search : Cleaned with backup
C:\Program Files\INSTAFIN\Cache\NewCfg -> Adware.404Search : Cleaned with backup
C:\Program Files\INSTAFIN\Uninstall.exe -> Adware.404Search : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Adware.180Solutions : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgEE2404.exe -> Downloader.Small.czm : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\rdgEE2404.exe -> Downloader.Small.czm : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\rdgEE2404.exe -> Downloader.Small.czm : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rdgEE2404.exe -> Downloader.Small.czm : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rdgEE2404.exe -> Downloader.Small.czm : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\rdgEE2404.exe -> Downloader.Small.czm : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\rdgEE2404.exe -> Downloader.Small.czm : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\rdgEE2404.exe -> Downloader.Small.czm : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\rdgEE2404.exe -> Downloader.Small.czm : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\rdgEE2404.exe -> Downloader.Small.czm : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\rdgEE2404.exe -> Downloader.Small.czm : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\rdgEE2404.exe -> Downloader.Small.czm : Cleaned with backup
C:\WINDOWS\iLookup -> Adware.eZula : Cleaned with backup
C:\WINDOWS\iLookup\ezStub22.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\iNetPal\ezTSetup.exe -> Dropper.Small.sc : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\paydial.exe -> Trojan.Killav.db : Cleaned with backup
C:\WINDOWS\system32\silent.exe -> Adware.WinFetcher : Cleaned with backup
C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe -> Adware.WebRebates : Cleaned with backup
C:\WINDOWS\system32\winyxb32.dll -> Trojan.Agent.qt : Cleaned with backup
C:\WINDOWS\Temp\win18E.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win18F.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win201.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win251.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win3CF.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win3FC.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 23:17:16, on 5.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\e5d7607b.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\Purka\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [e5d7607b.exe] C:\WINDOWS\system32\e5d7607b.exe
O4 - HKLM\..\RunServices: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\serbw.exe
O4 - HKCU\..\Run: [e5d7607b.exe] C:\Documents and Settings\Purka\Local Settings\Application Data\e5d7607b.exe
O4 - HKCU\..\RunServices: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
O4 - HKCU\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
O4 - HKCU\..\RunServices: [aux.exe] \\?\C:\WINDOWS\System32\aux.exe
O4 - HKCU\..\RunServices: [regdata.exe] C:\WINDOWS\System32\regdata.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgEE2404.exe
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: winyxb32 - winyxb32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

that's all.
[ + quote]

This message has been edited since posting. Last time this message was edited on 5. June 2006 @ 12:35
tapiiri
Senior Member
_ 		5. June 2006 @ 13:04 _ Link to this message    Send private message to this user   
Greetings to Esthonia :)

Scan HijackThis and check these:

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - (no file)
O4 - HKLM\..\Run: [e5d7607b.exe] C:\WINDOWS\system32\e5d7607b.exe
O4 - HKLM\..\RunServices: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\serbw.exe
O4 - HKCU\..\Run: [e5d7607b.exe] C:\Documents and Settings\Purka\Local Settings\Application Data\e5d7607b.exe
O4 - HKCU\..\RunServices: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
O4 - HKCU\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
O4 - HKCU\..\RunServices: [aux.exe] \\?\C:\WINDOWS\System32\aux.exe
O4 - HKCU\..\RunServices: [regdata.exe] C:\WINDOWS\System32\regdata.exe
O20 - Winlogon Notify: winyxb32 - winyxb32.dll (file missing)

Close all windows exept HijackThis and click Fix cheked.

Boot your comp to safe mode and delete these ;

C:\WINDOWS\system32\ >>e5d7607b.exe
C:\WINDOWS\System32\ >>winupdate.exe
C:\WINDOWS\System32\ >>exploer.exe
C:\WINDOWS\System32\ >>formatsys.exe
C:\WINDOWS\System32\ >>serbw.exe
C:\Documents and Settings\Purka\Local Settings\Application Data\ >>e5d7607b.exe
C:\WINDOWS\System32\ >>aux.exe
C:\WINDOWS\System32\ >>regdata.exe

And find this and delete:
wumgrd.exe

Boot normally and send a fresh log

[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
purkake
Newbie
_ 		5. June 2006 @ 15:17 _ Link to this message    Send private message to this user   
Okay so I did the HijackThis thing, but when I went to safe mode to delete the files you said I couldn't find a single one of them...(I have done the turn-hidden-files-visible thing from a tutorial before)

So here's the latest log:

Logfile of HijackThis v1.99.1
Scan saved at 2:16:49, on 6.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Purka\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgEE2404.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B00F237F-28CA-4237-8666-F2B632817A20}: NameServer = 194.126.115.18 194.126.101.34
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
[ + quote]
tapiiri
Senior Member
_ 		6. June 2006 @ 07:31 _ Link to this message    Send private message to this user   
Hi purkake

Jees, it was only in registry :)

Scan hijack and fix this:

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab

Boot comp. Its clean after that :)
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
purkake
Newbie
_ 		6. June 2006 @ 09:58 _ Link to this message    Send private message to this user   
Well, what can I say... Thank you very much.

It is good too see that there are still nice, helpful people left in the internet.

Cheers, purkake
[ + quote]
tapiiri
Senior Member
_ 		6. June 2006 @ 13:57 _ Link to this message    Send private message to this user   
You're wellcome
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
scoob69
Newbie
_ 		7. June 2006 @ 23:13 _ Link to this message    Send private message to this user   
Hi there,

I'm having the same problem with ULWindowUrl and ULWindowSeek. I tried following the steps you've given to previous posters but I feel like i'm getting tied in knots here.

Can you kindly assist.

Many thanx in advance.......

Logfile of HijackThis v1.99.1
Scan saved at 09:47:34, on 08/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\alg.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\AccessManager\Client\sygman.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\CCM\CcmExec.exe
C:\WINNT\System32\wbem\wmiprvse.exe
C:\WINNT\System32\wbem\wmiprvse.exe
C:\WINNT\System32\tp4serv.exe
C:\WINNT\LTSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\program files\halliburton\halhelp\halhelp.exe
C:\WINNT\System32\AEIWLSTA.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\System32\RunDll32.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\corega\CG-WLCB54GS\WlanMon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Documents and Settings\Scott.Richardson\Application Data\My-disgo\MyKey disgo.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Common Files\ARS Company\Agent\Agent.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Halliburton\DispXP\DispXP.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\Scott.Richardson\My Documents\Anti-Spyware\HijackThis_v1.99.1.exe
C:\WINNT\TEMP\win73.tmp.exe
C:\WINNT\System32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://halworld.halnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Halliburton Company
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = corp.halliburton.com;halnet.com;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [HalHelp] c:\program files\halliburton\halhelp\halhelp.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [PRF] C:\Program Files\PRF\RunPRF.EXE N:\HXPLtop.prf
O4 - HKLM\..\Run: [DIRECT!] C:\PROGRA~1\COURIO~1\IDENTI~1\direct.exe
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [corega K.K. CG-WLCB54GS] C:\Program Files\corega\CG-WLCB54GS\WlanMon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [My-disgo] C:\Documents and Settings\Scott.Richardson\Application Data\My-disgo\MyKey disgo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [AMP Agent] C:\Program Files\Common Files\ARS Company\Agent\Agent.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DispXP.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://halworld.halnet.com/
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = power.tech.int.digex.com
O17 - HKLM\Software\..\Telephony: DomainName = power.tech.int.digex.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = power.tech.int.digex.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter hijack: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/vnd-backup-octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll
O18 - Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - (no file)
O18 - Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: winqio32 - C:\WINNT\SYSTEM32\winqio32.dll
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\IP VPN Remote Services\Extranet_serv.exe
O23 - Service: HalXP API Check (HXPAPIC) - Unknown owner - C:\WINNT\System32\hxpapics.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[ + quote]
tapiiri
Senior Member
_ 		8. June 2006 @ 07:43 _ Link to this message    Send private message to this user   
Hi scoob69,


Please download ewido anti malware it is a free version of the program -> http://www.ewido.net/en/download/

1. Install ewido security suite
2. When installing, under "Additional Options" uncheck..
* Install background guard
* Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates -> http://www.ewido.net/en/download/updates/

Once the updates are installed do the following:

Reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Then launch ewido:

* Click on scanner
* Click settings
* put mark to Scan every file
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

Reboot back to normal mode

Send ewido report and a fresh HjT log.
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
Advertisement
_ 		__
 
_
scoob69
Newbie
_ 		8. June 2006 @ 20:25 _ Link to this message    Send private message to this user   
Hi Tapiiri,

Thanks for helping me with this.....

I done as you suggested. Please see log file and HjT report below.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 06:48:56, 09/06/2006
+ Report-Checksum: E6310C6B

+ Scan result:

:mozilla.27:C:\Documents and Settings\Scott.Richardson\Application Data\Mozilla\Firefox\Profiles\y2h9v6b7.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Scott.Richardson\Application Data\Mozilla\Firefox\Profiles\y2h9v6b7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Scott.Richardson\Application Data\Mozilla\Firefox\Profiles\y2h9v6b7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Scott.Richardson\Application Data\Mozilla\Firefox\Profiles\y2h9v6b7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Scott.Richardson\Application Data\Mozilla\Firefox\Profiles\y2h9v6b7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Scott.Richardson\Application Data\Mozilla\Firefox\Profiles\y2h9v6b7.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Scott.Richardson\Application Data\Mozilla\Firefox\Profiles\y2h9v6b7.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Scott.Richardson\Application Data\Mozilla\Firefox\Profiles\y2h9v6b7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Scott.Richardson\Application Data\Mozilla\Firefox\Profiles\y2h9v6b7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Scott.Richardson\Application Data\Mozilla\Firefox\Profiles\y2h9v6b7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Scott.Richardson\Application Data\Mozilla\Firefox\Profiles\y2h9v6b7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Scott.Richardson\Local Settings\Temporary Internet Files\Content.IE5\012F4H6V\srvdkn[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Scott.Richardson\Local Settings\Temporary Internet Files\Content.IE5\012F4H6V\srvrub[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Scott.Richardson\Local Settings\Temporary Internet Files\Content.IE5\25KLFJZN\srvjht[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Scott.Richardson\Local Settings\Temporary Internet Files\Content.IE5\COX4SAW2\srvioj[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Scott.Richardson\Local Settings\Temporary Internet Files\Content.IE5\NPI285BU\srvdis[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINNT\temp\win250.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINNT\temp\win255.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINNT\temp\win258.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINNT\temp\win25B.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINNT\temp\win2B1.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 07:16:58, on 09/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\alg.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\AccessManager\Client\sygman.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\wbem\wmiprvse.exe
C:\WINNT\System32\tp4serv.exe
C:\WINNT\LTSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\program files\halliburton\halhelp\halhelp.exe
C:\WINNT\System32\AEIWLSTA.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\System32\RunDll32.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\corega\CG-WLCB54GS\WlanMon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Documents and Settings\Scott.Richardson\Application Data\My-disgo\MyKey disgo.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Common Files\ARS Company\Agent\Agent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Halliburton\DispXP\DispXP.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINNT\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Scott.Richardson\My Documents\Anti-Spyware\HijackThis_v1.99.1.exe
C:\WINNT\System32\wbem\wmiprvse.exe
C:\WINNT\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://halworld.halnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Halliburton Company
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = corp.halliburton.com;halnet.com;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [HalHelp] c:\program files\halliburton\halhelp\halhelp.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [PRF] C:\Program Files\PRF\RunPRF.EXE N:\HXPLtop.prf
O4 - HKLM\..\Run: [DIRECT!] C:\PROGRA~1\COURIO~1\IDENTI~1\direct.exe
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [corega K.K. CG-WLCB54GS] C:\Program Files\corega\CG-WLCB54GS\WlanMon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [My-disgo] C:\Documents and Settings\Scott.Richardson\Application Data\My-disgo\MyKey disgo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [AMP Agent] C:\Program Files\Common Files\ARS Company\Agent\Agent.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DispXP.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://halworld.halnet.com/
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = power.tech.int.digex.com
O17 - HKLM\Software\..\Telephony: DomainName = power.tech.int.digex.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = power.tech.int.digex.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter hijack: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/vnd-backup-octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll
O18 - Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - (no file)
O18 - Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: winqio32 - winqio32.dll (file missing)
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\IP VPN Remote Services\Extranet_serv.exe
O23 - Service: HalXP API Check (HXPAPIC) - Unknown owner - C:\WINNT\System32\hxpapics.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
[ + quote]
 
Page:< Previous12
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > unclean computer - ulwindowseek popups
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork