Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winfixer, Amaena, Worlddatinghere, Sexbuddies, And Adultfriendfinder Problems


  • This topic is locked This topic is locked
7 replies to this topic

#1 Battlespace

Battlespace

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 07 April 2006 - 10:04 PM

Hi, I hope this is not too long-

I have a machine with IE 6 that is constantly being hijacked into the following web pages and has slowed down noticeably. The pages come up most often while we are at the Weather Channel, but have come up at other times.

NO - I do not go to the porn sites!



http://www.amaena.com/securityworm5/?aid=vm_tz_scq_2&lid=

http://www.worlddatinghere.com/iframe.php?did=10186

http://www.winfixer.com/download/2006/?p=2...x6h_9&lid=keyin

http://www.sexbuddies.com/signup/join-chat...313735376630%3F

http://adultfriendfinder.com/go/g674873.subdate

http://www.sexbuddies.com/signup/sign-free...313735376630%3F

It started about 6 weeks ago and I have tried the whole gambit of cures. First, here is information about my system and protection. I have XP Home with SP2 and use IE 6 and Outlook. Since I have been hijacked I have been using Mozilla Firefox and have started to like it, but want to have the machine clean no matter what browser I use. I have ZoneAlarm Pro installed, Norton Anti-Virus, Spybot, Ad-Aware, Spyware Blaster, CCLeaner, Blacklight Beta, Trojan Hunter and of course Hijack This. I update all software twice a week and run scans with Norton’s, Spybot, and Ad-Aware daily. My local ISP catches most of the SPAM using software from Vircom.

The Spybot will detect winfixer, correct it and within a few minutes it is back. I ran HJT and had the results analyzed twice and performed all the recommended corrections and still it comes back. I have backed up all my data files to DVDs as I am ready for the splurge on an upgrade to XP Pro and then do a re-format. The sad thing there is that some of the SW I have, such as Office only had a limited number of installs and I will have to buy new if that is the course I take. I am including a HJT log that I made this evening after I performed all the recommended operations you outline in the “Preparation Guide for use before posting a HijackThis Log.” I chose Panda as the on line anti-virus program, and have ran Stinger from McAfee, all with no luck in solving the problem.

Here is the latest log from HJT. Thank you in advance for anything you can do for me.

Logfile of HijackThis v1.99.1
Scan saved at 11:02:25 PM, on 4/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\notepad.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - C:\WINDOWS\system32\awtst.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121000177434
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141437266531
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B098E9-51D1-45CB-8E06-49CBFE701605}: NameServer = 12.10.53.2,12.127.16.68
O20 - Winlogon Notify: awtst - C:\WINDOWS\system32\awtst.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BC AdBot (Login to Remove)

 


#2 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:09 PM

Posted 08 April 2006 - 04:44 AM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#3 Battlespace

Battlespace
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 08 April 2006 - 09:09 AM

Here is the results from Vundo:

VundoFix V4.2.57

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.6

Scan started at 9:58:39 AM 4/8/2006

Listing files found while scanning....

C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tstwa.tmp

C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.tmp
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.tmp
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\awtst.dll
Attempting to delete C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\awtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tstwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tstwa.tmp
C:\WINDOWS\system32\tstwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!



Here is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:04:56 AM, on 4/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121000177434
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141437266531
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B098E9-51D1-45CB-8E06-49CBFE701605}: NameServer = 12.10.53.2,12.127.16.68
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:09 PM

Posted 08 April 2006 - 01:38 PM

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


Exit HijackThis when done. Reboot.

Click here to download ewido anti-malware - it is a trial version of the program.
  • Install ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. Then:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido.

Rescan with HJT and post a new log here together with the ewido log.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#5 Battlespace

Battlespace
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 08 April 2006 - 11:33 PM

Here are the logs from the ewido scan and the HJT scan performed after the ewido scan. Hope this is what is needed.

Thanks.




---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:26:02 AM, 4/9/2006
+ Report-Checksum: 385C9054

+ Scan result:

:mozilla.36:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.39:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.40:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.41:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.42:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.43:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.89:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.90:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.91:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.92:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.93:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.94:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.95:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.96:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.97:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.98:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.99:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.107:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.123:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.126:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.127:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.128:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.129:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.130:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.189:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.190:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.191:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.202:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.203:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.204:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.206:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.219:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.220:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.246:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.253:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.254:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.255:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.256:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.257:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.258:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.350:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.351:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.352:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Spinbox : Cleaned with backup
:mozilla.365:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.366:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.367:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.373:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.374:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.375:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.376:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.377:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.380:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.381:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.382:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.383:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.384:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.385:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.386:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.387:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.388:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.389:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.395:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.396:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.397:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.398:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.399:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.400:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.401:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.402:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.403:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.404:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.405:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.406:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.407:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.408:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.419:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.420:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.421:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.422:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.423:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.424:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.450:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.455:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.477:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.483:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.484:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.485:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.486:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.487:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.488:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.489:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.490:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.491:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.492:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.493:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.494:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.495:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.496:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.497:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.523:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.525:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.526:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.527:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.528:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.529:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.530:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.531:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.532:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.533:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.534:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.539:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.540:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.541:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.542:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.549:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.606:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.607:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.627:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.654:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.658:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.682:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.724:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.750:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.751:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.752:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.793:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.794:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.807:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.808:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.809:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.814:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.815:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.816:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.863:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.864:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.865:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.866:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.867:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.868:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.869:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\rjm3wo8i.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.9:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.10:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.42:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.43:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.44:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.45:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.46:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.47:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.53:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.54:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.55:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.59:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.73:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.75:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.76:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.77:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.78:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.81:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.82:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.84:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.89:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.90:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.91:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.97:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.107:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.108:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.109:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.119:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.120:C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Application Data\Mozilla\Firefox\Profiles\default.y1y\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Local Settings\Temp\Cookies\steve burzlaff@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\HP_Owner\My Documents\Old HD\Steve Burzlaff\Local Settings\Temp\Cookies\steve burzlaff@specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10007.qit -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10008.qit -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10022.qit -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10031.qit -> TrackingCookie.Falkag : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10032.qit -> TrackingCookie.Falkag : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10033.qit -> TrackingCookie.Falkag : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10034.qit -> TrackingCookie.Falkag : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10041.qit -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10044.qit -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10045.qit -> TrackingCookie.Pointroll : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10046.qit -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10054.qit -> TrackingCookie.Valuead : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10055.qit -> TrackingCookie.Valueclick : Cleaned with backup
C:\Program Files\AdwareAlert\Quarantine\6-3-2006-18-36-24\ 10057.qit -> TrackingCookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\vtsts.dll -> Adware.Virtumonde : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 12:28:04 AM, on 4/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Owner\My Documents\Dad's Stuff\spy stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121000177434
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141437266531
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B098E9-51D1-45CB-8E06-49CBFE701605}: NameServer = 12.10.53.2,12.127.16.68
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSched

#6 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:09 PM

Posted 09 April 2006 - 12:14 AM

Looks better. Grab a copy of this little free application to help control those tracking cookies in future:

http://www.analogx.com/contents/download/network/cookie.htm

How is it running now?
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#7 Battlespace

Battlespace
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 09 April 2006 - 06:12 AM

It seems fine. In fact we have not had an incident since I performed the first corrective actions. Thank you for providing this service. I will send a contribution to bleepingcomputer and also all the various sites that I used. Your service is invaluable.

Thank you again.

#8 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:09 PM

Posted 09 April 2006 - 06:31 AM

You're welcome - glad to help :thumbsup:

To help keep you clean follow the recommendations in the article here:

So how did I get infected?



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users