Surf Sidekick 3, Webhancer, Other Evil


  • This topic is locked
13 replies to this topic

#1 sofia_e

sofia_e

  • Members
  • 8 posts

Posted 25 March 2006 - 10:41 PM

I have run Ad-aware and Spybot multiple times, but they have been unsuccessful in removing something called "Command Service". I'm able to get rid of the Surf Sidekick and WebHancer for short periods of time, but they continually return. I'm getting excessive pop-ups and it's driving me crazy. If anyone can help I would be so grateful. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 10:32:09 PM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\winlog.exe
C:\windows\mousepad5.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\lplzvhiA.exe
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\system32\7D7D8287898989.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\sys11-1328789840.exe
C:\WINDOWS\ms048789840-132.exe
C:\windows\eee2.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\srshost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Sofia\LOCALS~1\Temp\cinfo.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [lplzvhiA] C:\WINDOWS\lplzvhiA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [8D8D92979999999B] 7D7D8287898989.exe
O4 - HKLM\..\Run: [expload.exe] C:\WINDOWS\system32\expload.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [sys11-1328789840] C:\WINDOWS\sys11-1328789840.exe
O4 - HKLM\..\Run: [ms048789840-132] C:\WINDOWS\ms048789840-132.exe
O4 - HKLM\..\Run: [14=4] C:\windows\eee2.exe
O4 - HKLM\..\Run: [sys02328789840-1] C:\WINDOWS\sys02328789840-1.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nyu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nyu.edu
O20 - AppInit_DLLs: repairs303169563.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\enn6l15s1.dll (file missing)
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\IIXWAN.DLL (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe



#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland

Posted 26 March 2006 - 07:39 AM

Hello and welcome.. :thumbsup: Let's get started.

==

Through Add/Remove programs, uninstall the following entries if present:

EQAdvice
SurfSideKick 3
SurfSideKick


==

Next:

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract Avenger.exe to your desktop.
2. Copy all the text in bold contained in the quotebox below to a blank notepad file:

Files to delete:
C:\windows\keyboard5.exe
C:\windows\mousepad5.exe
C:\windows\newname5.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\lplzvhiA.exe
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\system32\loadadv64
C:\WINDOWS\system32\expload.exe
C:\WINDOWS\sys11-1328789840.exe
C:\WINDOWS\ms048789840-132.exe
C:\windows\eee2.exe
C:\WINDOWS\sys02328789840-1.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\srshost.exe
C:\WINDOWS\system32\dmonwv.dll
C:\Windows\system32\repairs303169563.dll
C:\WINDOWS\system32\enn6l15s1.dll
C:\WINDOWS\system32\IIXWAN.DLL

Folders to delete:
C:\Program Files\EQAdvice\
C:\Program Files\Common Files\VCClient\
C:\Program Files\SurfSideKick 3\
C:\Program Files\outlook\


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to the notepad file into this window
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • Restarts your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it briefly opens a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste all the contents of avenger.txt into your reply along with a fresh HJT log by using AddReply. :flowers:

Edited by Rawe, 26 March 2006 - 07:41 AM.

Hi there, stranger!

#3 sofia_e

sofia_e
  • Topic Starter

  • Members
  • 8 posts

Posted 26 March 2006 - 12:33 PM

Thanks so much for taking the time to help me! Here is the Avenger log file:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wqxvfgqy

*******************

Script file located at: \??\C:\Documents and Settings\kkenxpyk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\windows\keyboard5.exe deleted successfully.
File C:\windows\mousepad5.exe deleted successfully.
File C:\windows\newname5.exe deleted successfully.
File C:\WINDOWS\SYSC00.exe deleted successfully.
File C:\WINDOWS\lplzvhiA.exe deleted successfully.
File C:\WINDOWS\errorhandler.exe deleted successfully.
File C:\WINDOWS\system32\loadadv64 deleted successfully.
File C:\WINDOWS\system32\expload.exe deleted successfully.
File C:\WINDOWS\sys11-1328789840.exe deleted successfully.
File C:\WINDOWS\ms048789840-132.exe deleted successfully.
File C:\windows\eee2.exe deleted successfully.


File C:\WINDOWS\sys02328789840-1.exe not found!
Deletion of file C:\WINDOWS\sys02328789840-1.exe failed!

Could not process line:
C:\WINDOWS\sys02328789840-1.exe
Status: 0xc0000034

File C:\WINDOWS\system32\winlog.exe deleted successfully.
File C:\WINDOWS\system32\srshost.exe deleted successfully.


File C:\WINDOWS\system32\dmonwv.dll not found!
Deletion of file C:\WINDOWS\system32\dmonwv.dll failed!

Could not process line:
C:\WINDOWS\system32\dmonwv.dll
Status: 0xc0000034

File C:\Windows\system32\repairs303169563.dll deleted successfully.


File C:\WINDOWS\system32\enn6l15s1.dll not found!
Deletion of file C:\WINDOWS\system32\enn6l15s1.dll failed!

Could not process line:
C:\WINDOWS\system32\enn6l15s1.dll
Status: 0xc0000034



File C:\WINDOWS\system32\IIXWAN.DLL not found!
Deletion of file C:\WINDOWS\system32\IIXWAN.DLL failed!

Could not process line:
C:\WINDOWS\system32\IIXWAN.DLL
Status: 0xc0000034



Folder C:\Program Files\EQAdvice not found!
Deletion of folder C:\Program Files\EQAdvice failed!

Could not process line:
C:\Program Files\EQAdvice
Status: 0xc0000034



Folder C:\Program Files\Common Files\VCClient not found!
Deletion of folder C:\Program Files\Common Files\VCClient failed!

Could not process line:
C:\Program Files\Common Files\VCClient
Status: 0xc0000034

Folder C:\Program Files\SurfSideKick 3 deleted successfully.


Folder C:\Program Files\outlook not found!
Deletion of folder C:\Program Files\outlook failed!

Could not process line:
C:\Program Files\outlook
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


And here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:30:49 PM, on 3/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\7D7D8287898989.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [lplzvhiA] C:\WINDOWS\lplzvhiA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [8D8D92979999999B] 7D7D8287898989.exe
O4 - HKLM\..\Run: [expload.exe] C:\WINDOWS\system32\expload.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [sys11-1328789840] C:\WINDOWS\sys11-1328789840.exe
O4 - HKLM\..\Run: [ms048789840-132] C:\WINDOWS\ms048789840-132.exe
O4 - HKLM\..\Run: [14=4] C:\windows\eee2.exe
O4 - HKLM\..\Run: [sys02328789840-1] C:\WINDOWS\sys02328789840-1.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nyu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nyu.edu
O20 - AppInit_DLLs: repairs303169563.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\enn6l15s1.dll (file missing)
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\IIXWAN.DLL (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
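Added example, not part of the original post: the second HijackThis log above still lists O4 autorun entries whose targets The Avenger reported as deleted or not found, so the registry values outlive the files. This Python sketch cross-references the two log formats to list those leftover entries; the sample input is a handful of lines excerpted from the logs in this thread, and all function names are illustrative.

```python
import ntpath
import re
from typing import NamedTuple

# Sample input: lines excerpted from the Avenger log posted in this thread.
# Status 0xc0000034 is NTSTATUS STATUS_OBJECT_NAME_NOT_FOUND.
AVENGER_LOG = r"""
File C:\windows\keyboard5.exe deleted successfully.
File C:\WINDOWS\system32\winlog.exe deleted successfully.
File C:\WINDOWS\sys02328789840-1.exe not found!
Deletion of file C:\WINDOWS\sys02328789840-1.exe failed!
Could not process line:
C:\WINDOWS\sys02328789840-1.exe
Status: 0xc0000034
Folder C:\Program Files\SurfSideKick 3 deleted successfully.
Folder C:\Program Files\outlook not found!
"""

# Sample input: O4 lines excerpted from the HijackThis log taken after the fix.
HJT_LOG = r"""
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [sys02328789840-1] C:\WINDOWS\sys02328789840-1.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

AVENGER_RE = re.compile(r"^(File|Folder) (.+?) (deleted successfully\.|not found!)$")
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(\w+): \[(.+?)\] (.+)$")


class Finding(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, RunServices, ...
    name: str      # registry value name
    command: str   # command line stored in the value
    outcome: str   # what Avenger reported for the target: "deleted" / "not found"


def norm(path):
    """Case-insensitive, separator-normalised Windows path (works on any OS)."""
    return ntpath.normcase(path.strip().strip('"').rstrip("\\"))


def parse_avenger(log):
    """Map each path named in an Avenger result log to (kind, outcome)."""
    targets = {}
    for line in log.splitlines():
        m = AVENGER_RE.match(line.strip())
        if m:
            kind, path, outcome = m.groups()
            status = "deleted" if outcome.startswith("deleted") else "not found"
            targets[norm(path)] = (kind.lower(), status)
    return targets


def starts_with_token(cmd, path):
    """True if cmd is path, or path followed by an argument or closing quote."""
    return cmd == path or (cmd.startswith(path) and cmd[len(path)] in ' "')


def match_target(command, targets):
    """Return Avenger's outcome for the file or folder this command points at."""
    cmd = ntpath.normcase(command.strip().lstrip('"'))
    for path, (kind, outcome) in targets.items():
        if kind == "folder":
            hit = cmd.startswith(path + "\\")
        else:
            # Run values may hold a bare file name resolved via the search
            # path (e.g. "winlog.exe"), so compare the base name as well.
            hit = (starts_with_token(cmd, path)
                   or starts_with_token(cmd, ntpath.basename(path)))
        if hit:
            return outcome
    return None


def orphaned_autoruns(avenger_log, hjt_log):
    """List O4 autorun entries whose target Avenger deleted or could not find."""
    targets = parse_avenger(avenger_log)
    findings = []
    for line in hjt_log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        outcome = match_target(command, targets)
        if outcome:
            findings.append(Finding(hive, key, name, command, outcome))
    return findings


if __name__ == "__main__":
    for f in orphaned_autoruns(AVENGER_LOG, HJT_LOG):
        print(f"{f.hive}\\..\\{f.key}: [{f.name}] target {f.outcome} -> {f.command}")
```

Bare-name matches such as `winlog.exe` are ambiguous by nature and should be confirmed against the file's actual location before the registry value is removed.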

#4 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland

Posted 26 March 2006 - 12:55 PM

Hi again, let's continue. :thumbsup:

1. Please download Ewido Anti-Malware
  • Install ewido anti-malware
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • In the scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal Windows and post the contents of Ewido text report that you saved and a new HiJackThis log. :flowers:
Hi there, stranger!

#5 sofia_e

sofia_e
  • Topic Starter

  • Members
  • 8 posts

Posted 26 March 2006 - 02:54 PM

Here is the Ewido report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:43:23 PM, 3/26/2006
+ Report-Checksum: 79957A39

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-1935910708-3478852329-3426361989-1008\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-1935910708-3478852329-3426361989-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1935910708-3478852329-3426361989-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1935910708-3478852329-3426361989-1008\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-1935910708-3478852329-3426361989-1008\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
C:\avenger\backup.zip/avenger/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\avenger\backup.zip/avenger/expload.exe -> Dropper.Agent.hl : Cleaned with backup
C:\avenger\backup.zip/avenger/keyboard5.exe -> Downloader.VB.zl : Cleaned with backup
C:\avenger\backup.zip/avenger/mousepad5.exe -> Hijacker.VB.ly : Cleaned with backup
C:\avenger\backup.zip/avenger/newname5.exe -> Downloader.Adload.ae : Cleaned with backup
C:\avenger\backup.zip/avenger/srshost.exe -> Proxy.Agent.hy : Cleaned with backup
C:\avenger\backup.zip/avenger/SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\avenger\backup.zip/avenger/winlog.exe -> Backdoor.Rbot : Cleaned with backup
:mozilla.7:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0umbjdqn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.8:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0umbjdqn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.9:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0umbjdqn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.10:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0umbjdqn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.11:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0umbjdqn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.12:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0umbjdqn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.13:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0umbjdqn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.14:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0umbjdqn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.399:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.430:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.552:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.561:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.562:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.563:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.565:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.568:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.582:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.583:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.594:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.596:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.597:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.629:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.630:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.631:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.632:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.641:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.642:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.643:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.644:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.645:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.646:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.647:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.648:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.649:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.683:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.684:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.685:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.686:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.687:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.688:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.689:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.704:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.705:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.706:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.707:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.708:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.709:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.710:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.715:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.717:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.718:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.719:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.720:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.721:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.722:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.723:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.724:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.725:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.726:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.727:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.728:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.729:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.730:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.731:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.732:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.736:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.737:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.738:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.739:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.740:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.741:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.750:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.751:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.752:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.753:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.756:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.757:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.758:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.763:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.764:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.765:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.768:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.794:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.795:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.809:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.810:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.811:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.812:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.821:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.822:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.829:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.830:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.831:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.832:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.833:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.834:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.835:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.836:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.837:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.838:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.839:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.840:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.843:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.844:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.845:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.846:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.847:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.848:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.849:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt

#6 Rawe


Posted 26 March 2006 - 11:35 PM

Could you post the rest of the Ewido log as well as a fresh HijackThis log please, your Ewido log got cut off :thumbsup:
Hi there, stranger!

#7 sofia_e


Posted 27 March 2006 - 10:12 AM

Oops! Sorry, I didn't notice. Here is the rest of the ewido report:

:mozilla.849:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.850:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.851:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.852:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.853:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.863:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.864:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.889:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.890:C:\Documents and Settings\Sofia\Application Data\Mozilla\Firefox\Profiles\2gh3i4tp.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Sofia\Application Data\Αdobe\dvdplay.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@ad.adition[2].txt -> TrackingCookie.Adition : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@addcontrol[1].txt -> TrackingCookie.Addcontrol : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@ads15.bpath[2].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@affiliates.x10[1].txt -> TrackingCookie.X10 : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@banners.searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@e-2dj6wjk4eldpalp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@e-2dj6wjk4gjdjobp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@e-2dj6wjkyaiczocp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@e-2dj6wjl4kgajskp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@lovefreegames.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sofia\Cookies\sofia@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\!update.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\637win.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Cookies\sofia@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Cookies\sofia@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Cookies\sofia@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Cookies\sofia@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Cookies\sofia@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Cookies\sofia@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Cookies\sofia@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Cookies\sofia@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Cookies\sofia@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Cookies\sofia@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Cookies\sofia@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Cookies\sofia@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\D1B30.tmp/slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\D1B30.tmp/faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\drsmartload482a.exe -> Downloader.VB.vz : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\echo.exe -> Dropper.Small.qn : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\executor.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\exp.exe -> Downloader.Small.abd : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\f22928138.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\f24570180.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\gokm.exe -> Downloader.Agent.afi : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\i482.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\insta.exe -> Downloader.Small.ckq : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\loadadv640.exe -> Downloader.Harnig.bc : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\mcwin.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\million.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\pre1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\pre2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\temp.fr205E -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\temp.fr4079\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\temp.fr4079\Programs\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\temp.fr6C59 -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QIY5IME\ZICORN001[1].exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Temporary Internet Files\Content.IE5\6G8R7NRD\installerwnus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\tmp1D8.tmp -> Backdoor.PPdoor.al : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\Transpd.dll -> Adware.Agent : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\z1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Sofia\Local Settings\Temp\z3.exe -> Dropper.Agent.hl : Cleaned with backup
C:\krw1dn.exe -> Downloader.Agent.afi : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\5090.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\CheckS02.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\country.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\keyboard4.exe -> Downloader.VB.zk : Cleaned with backup
C:\WINDOWS\kl1.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\SET1F.tmp -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\sys011328789840-2006.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\SYSTEM32\2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\7D7D8287898989.exe -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\SYSTEM32\adpopperwin.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\dbneml3r.dll -> Backdoor.PPdoor.bp : Cleaned with backup
C:\WINDOWS\SYSTEM32\dhcp_037.exe -> Backdoor.PPdoor.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\hjoegfne.dll -> Adware.Agent : Cleaned with backup
C:\WINDOWS\SYSTEM32\i0jqla151d.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\instawin.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\mcspy.exe -> Downloader.Small.ckq : Cleaned with backup
C:\WINDOWS\SYSTEM32\mpupgrd.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\n4r20e9oeh.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\pre1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\pre2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\qkdsregr.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\qpdsregj.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\rk.bin -> Adware.RK : Cleaned with backup
C:\WINDOWS\SYSTEM32\tobundle.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\usrsosys.dll -> Backdoor.PPdoor.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\winspy.exe -> Downloader.Small.ckq : Cleaned with backup
C:\WINDOWS\SYSTEM32\z2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\zz.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sofia@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uniq -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\Zpkqvgtv.dll -> Adware.BookedSpace : Cleaned with backup


::Report End

#8 sofia_e


Posted 27 March 2006 - 10:14 AM

And here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:13:14 AM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Final Draft 7\Final Draft.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [lplzvhiA] C:\WINDOWS\lplzvhiA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [expload.exe] C:\WINDOWS\system32\expload.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [sys11-1328789840] C:\WINDOWS\sys11-1328789840.exe
O4 - HKLM\..\Run: [ms048789840-132] C:\WINDOWS\ms048789840-132.exe
O4 - HKLM\..\Run: [14=4] C:\windows\eee2.exe
O4 - HKLM\..\Run: [sys02328789840-1] C:\WINDOWS\sys02328789840-1.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nyu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nyu.edu
O20 - AppInit_DLLs: repairs303169563.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\enn6l15s1.dll (file missing)
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\IIXWAN.DLL (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

#9 Rawe


Posted 27 March 2006 - 12:18 PM

Hi, let's continue :thumbsup:

==

Please do the following:
  • Download WinPFind
  • Right-click the Zip folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop.
  • Don't do anything with it yet.
==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

Once in Safe Mode, please run a scan with HijackThis and check the following objects for removal if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [lplzvhiA] C:\WINDOWS\lplzvhiA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [expload.exe] C:\WINDOWS\system32\expload.exe
O4 - HKLM\..\Run: [sys11-1328789840] C:\WINDOWS\sys11-1328789840.exe
O4 - HKLM\..\Run: [ms048789840-132] C:\WINDOWS\ms048789840-132.exe
O4 - HKLM\..\Run: [14=4] C:\windows\eee2.exe
O4 - HKLM\..\Run: [sys02328789840-1] C:\WINDOWS\sys02328789840-1.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O20 - AppInit_DLLs: repairs303169563.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\enn6l15s1.dll (file missing)
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\IIXWAN.DLL (file missing)


Close ALL other open windows except for HijackThis and hit FIX CHECKED.

==

Double-click WinPFind.exe on your Desktop:
Click "Start Scan"
It will scan the entire System, so please be patient!
Once the Scan is Complete:
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post.
==

Reboot back into Normal mode and post back with a fresh HijackThis log as well as the WinPFind.txt log :flowers:
Hi there, stranger!
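
A follow-up check for the fix-and-rescan procedure in the post above, added here as an example and not part of Rawe's post or of HijackThis itself: it parses a fix list and a fresh HijackThis log, then reports which targeted entries are gone, which are still present, and which Run values are back under the same name with a different file. The fix list is a subset of the entries listed above; the fresh log (including `keyboard6.exe`) is constructed sample data, and all function names are assumptions.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] y.exe".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*\S)$")
# O4 registry autoruns name the key and the value: "HKLM\..\Run: [value] command".
AUTORUN_RE = re.compile(r"^(HK[A-Z]+\\\.\.\\[^:]+):\s+\[([^\]]+)\]\s*(.*)$")

# Subset of the fix list from the post above.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O15 - Trusted Zone: *.popuppers.com
O20 - AppInit_DLLs: repairs303169563.dll
"""

# Constructed follow-up log (not from the thread): one entry survived with
# different letter case, one Run value points at a new file name.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard6.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\ssk.exe
O15 - Trusted Zone: *.popuppers.com
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_entries(log_text):
    """Return (section, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def normalize(entry):
    """Compare entries case-insensitively (Windows paths) with collapsed spaces."""
    section, body = entry
    return section, " ".join(body.split()).lower()


def autorun_slot(entry):
    """Return (registry key, value name) for an O4 registry autorun, else None."""
    section, body = entry
    if section != "O4":
        return None
    m = AUTORUN_RE.match(body)
    return (m.group(1).lower(), m.group(2).lower()) if m else None


def recheck(fix_list_text, fresh_log_text):
    """Classify every fix-list entry against the fresh log."""
    fresh = parse_entries(fresh_log_text)
    fresh_exact = {normalize(e) for e in fresh}
    fresh_slots = {autorun_slot(e): e for e in fresh if autorun_slot(e)}
    result = {"removed": [], "persisting": [], "re-registered": []}
    for entry in parse_entries(fix_list_text):
        if normalize(entry) in fresh_exact:
            # Same line is back: the fix did not hold or something rewrote it.
            result["persisting"].append(entry)
        elif autorun_slot(entry) in fresh_slots:
            # Same Run value name, different command: an exact-line comparison
            # would report this as removed.
            result["re-registered"].append((entry, fresh_slots[autorun_slot(entry)]))
        else:
            result["removed"].append(entry)
    return result


if __name__ == "__main__":
    report = recheck(FIX_LIST, FRESH_LOG)
    for section, body in report["removed"]:
        print("removed       ", section, "-", body)
    for section, body in report["persisting"]:
        print("persisting    ", section, "-", body)
    for old, new in report["re-registered"]:
        print("re-registered ", old[1], "=>", new[1])
```

Entries reported as persisting or re-registered are the ones to raise with the helper in the next post, since something still running is writing them back.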

#10 sofia_e


Posted 27 March 2006 - 10:15 PM

Here is the WinPFind log:

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 3/21/2006 1:35:02 PM 601088 C:\315502.exe
UPX! 3/25/2006 4:30:56 PM 1144839 C:\stng260.exe

Checking %ProgramFilesDir% folder...
UPX! 3/27/2005 9:43:56 PM 567722 C:\Program Files\XviD_Install.exe

Checking %WinDir% folder...

Checking %System% folder...
PEC2 3/19/2004 5:35:10 PM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PEC2 10/26/2004 5:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 10/26/2004 5:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 8/29/2005 1:27:12 PM 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 11/2/2005 12:34:18 AM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/2/2005 12:34:18 AM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 3/19/2004 5:44:18 PM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
3/27/2006 9:40:26 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
3/21/2006 4:07:28 PM HS 0 C:\WINDOWS\SYSTEM32\cmd.com
3/21/2006 4:07:28 PM HS 0 C:\WINDOWS\SYSTEM32\netstat.com
3/21/2006 4:07:28 PM HS 0 C:\WINDOWS\SYSTEM32\ping.com
3/21/2006 4:07:28 PM HS 0 C:\WINDOWS\SYSTEM32\regedit.com
3/21/2006 4:07:28 PM HS 0 C:\WINDOWS\SYSTEM32\taskkill.com
3/21/2006 4:07:28 PM HS 0 C:\WINDOWS\SYSTEM32\tasklist.com
3/21/2006 4:07:28 PM HS 0 C:\WINDOWS\SYSTEM32\tracert.com
3/27/2006 9:40:16 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
3/27/2006 9:40:40 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
3/27/2006 9:40:28 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
3/27/2006 9:49:36 PM H 266240 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
3/27/2006 9:40:32 PM H 1064960 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
2/21/2006 11:47:12 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\827832de-d6a2-414f-9fc9-981031b53a0a
2/21/2006 11:47:12 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
3/27/2006 9:39:16 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
8/19/2003 2:20:04 AM 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 5/14/2003 6:47:38 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 3/19/2004 5:38:44 PM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/19/2004 5:40:24 PM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 10/26/2004 12:01:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 3/19/2004 5:41:00 PM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel® Corporation 12/19/2003 12:39:16 PM 77824 C:\WINDOWS\SYSTEM32\PRAppltW.cpl
SigmaTel Inc. 4/6/2004 11:13:18 AM 102481 C:\WINDOWS\SYSTEM32\stac97.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 3/19/2004 5:43:36 PM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\DLLCACHE\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\DLLCACHE\mmsys.cpl
Microsoft Corporation 3/19/2004 5:40:24 PM 35840 C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\DLLCACHE\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\DLLCACHE\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\DLLCACHE\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155648 C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl
Microsoft Corporation 3/19/2004 5:43:36 PM 28160 C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\DLLCACHE\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\DLLCACHE\wscui.cpl
Microsoft Corporation 5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
NVIDIA Corporation 1/8/2004 3:26:00 PM 143360 C:\WINDOWS\SYSTEM32\ReinstallBackups\0009\DriverFiles\nvtuicpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
3/20/2004 12:58:38 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
12/31/2005 5:20:36 PM 779 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
12/31/2005 5:11:48 PM 779 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/23/2005 11:38:04 PM H 26 C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
10/23/2005 11:36:48 PM H 21 C:\Documents and Settings\All Users\Application Data\.311018984119889580931149468956
3/20/2004 12:50:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
12/31/2005 5:16:00 PM 203 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
3/23/2006 5:46:06 PM 1387 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
3/20/2004 12:58:38 PM HS 84 C:\Documents and Settings\Sofia\Start Menu\Programs\Startup\DESKTOP.INI
3/6/2006 2:23:42 AM 676 C:\Documents and Settings\Sofia\Start Menu\Programs\Startup\Webshots.lnk

Checking files in %USERPROFILE%\Application Data folder...
3/20/2004 12:50:30 PM HS 62 C:\Documents and Settings\Sofia\Application Data\DESKTOP.INI
9/6/2004 3:17:50 PM 0 C:\Documents and Settings\Sofia\Application Data\dm.ini
3/26/2006 12:16:42 PM 512169 C:\Documents and Settings\Sofia\Application Data\Sskknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{431D771A-4D0C-4B8B-850C-059521239EBC} = C:\WINDOWS\system32\MKWMDMSP.DLL
{F4E9B004-D9DC-455C-9D2A-7B921CC8217D} = C:\WINDOWS\system32\guard.tmp
{11551A07-7D8F-495B-8433-32464BD3ABF0} = C:\WINDOWS\system32\stimeng.dll
{84D790DE-3660-47D4-BB3A-06D6EF7E499F} = C:\WINDOWS\system32\DSSERIAL.DLL
{E4B5D612-0CF1-4274-8EF0-40D702F41B28} = C:\WINDOWS\system32\MZVBVM50.DLL
{30924296-512A-442F-BB00-38A00B188631} = C:\WINDOWS\system32\IIXWAN.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gsnnfxxq
{5fe94c1a-b4a5-4d92-9b4f-2127396cd211} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}
= C:\WINDOWS\system32\dmonwv.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Web assistant : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}
ButtonText = MUSICMATCH MX Web Player :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Web assistant : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz nwiz.exe /installquiet
Apoint C:\Program Files\Apoint\Apoint.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
bacstray BacsTray.exe
PRONoMgr.exe C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
dla C:\WINDOWS\system32\dla\tfswctrl.exe
PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
DVDLauncher "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
Dell QuickSet C:\Program Files\Dell\QuickSet\quickset.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe
mmtask C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
eDonkey2000 "C:\Program Files\eDonkey2000\edonkey2000.exe" -t
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
BCMSMMSG BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring
= C:\WINDOWS\System32\LgNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 3/27/2006 9:57:14 PM

#11 sofia_e


Posted 27 March 2006 - 10:18 PM

And here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:16:49 PM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nyu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nyu.edu
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

#12 Rawe


Posted 28 March 2006 - 12:45 AM

Hi again. :thumbsup:

==

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\cmd.com
    C:\WINDOWS\SYSTEM32\netstat.com
    C:\WINDOWS\SYSTEM32\ping.com
    C:\WINDOWS\SYSTEM32\regedit.com
    C:\WINDOWS\SYSTEM32\taskkill.com
    C:\WINDOWS\SYSTEM32\tasklist.com
    C:\WINDOWS\SYSTEM32\tracert.com
    C:\315502.exe
    C:\Documents and Settings\Sofia\Application Data\Sskknwrd.dll
    C:\WINDOWS\system32\stimeng.dll
    C:\WINDOWS\system32\guard.tmp
    C:\WINDOWS\system32\IIXWAN.DLL
    C:\WINDOWS\system32\dmonwv.dll


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

==

Let me know how the system is running now. :flowers:
Hi there, stranger!

#13 sofia_e


Posted 28 March 2006 - 10:31 AM

The system is running beautifully now. Thank you so so much for your time and patience! Yay!

#14 Rawe


Posted 28 March 2006 - 11:36 AM

You're welcome. Glad I was able to help out. :thumbsup:

==

Please read here how to clear old restore points and create a new one.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must-have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice:
So how did I get infected in the first place? (My favourite)


Since this issue appears to be resolved, this Topic has been closed. Should you need this Topic reopened, please PM a Staff member with the address of this thread. :flowers: