Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Outer Info/www.error404site.com Popups/ Etrust Ez Antivirus Finding Errors In C:\windows\temp\win***.tmp Files


  • Please log in to reply
18 replies to this topic

#1 mrc7928

mrc7928

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:50 AM

Posted 05 July 2006 - 09:52 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:46:35 PM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\AOL\1137955663\ee\AOLSoftware.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\PROGRA~1\ICROSO~1\alg.exe
C:\Program Files\VideoMate\ComproPVR\ComproPVR.exe
C:\Program Files\VideoMate\ComproPVR\Common\ComproRemote.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
c:\program files\common files\aol\1137955663\ee\aim6.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137955663\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [Taua] "C:\PROGRA~1\ICROSO~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Kzieewon] C:\WINDOWS\system32\?ystem32\m?hta.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ComproPVR Schedule.lnk = ?
O4 - Global Startup: ComproRemote.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: TweakYC.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\smss.dll
O20 - Winlogon Notify: wintwt32 - C:\WINDOWS\SYSTEM32\wintwt32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 06 July 2006 - 06:33 AM

Hi mrc7928 and Welcome to the Bleeping Computer!


First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.


Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.


Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on Panda ActiveScan link select "Copy Shortcut" then right click on your desktop and select "Paste Shortcut" or in FireFox right-click the link and select "Save Link As" and save it to your desktop).


Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close out Ewido Anti-Spyware.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess.



Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.



Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the Check Now button.
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When the download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.

#3 mrc7928

mrc7928
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 06 July 2006 - 08:35 PM

Thanks for your help so far. Here are the results of the scans:

Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:30:39 PM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\AOL\1137955663\ee\AOLSoftware.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\?ystem32\m?hta.exe
C:\Program Files\VideoMate\ComproPVR\ComproPVR.exe
C:\Program Files\VideoMate\ComproPVR\Common\ComproRemote.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\PROGRA~1\ICROSO~1\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137955663\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Kzieewon] C:\WINDOWS\system32\?ystem32\m?hta.exe
O4 - HKCU\..\Run: [Taua] "C:\PROGRA~1\ICROSO~1\alg.exe" -vt ndrv
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ComproPVR Schedule.lnk = ?
O4 - Global Startup: ComproRemote.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: TweakYC.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\smss.dll
O20 - Winlogon Notify: wintwt32 - C:\WINDOWS\SYSTEM32\wintwt32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

smitfiles.txt:


smitRem © log file
version 3.0

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Thu 07/06/2006
The current time is: 20:03:40.70

Running from
C:\Documents and Settings\Matthew Cashman\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{af3fd9a8-1287-4159-9212-9a5b4494af70}"="ecosystems"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}\InProcServer32]
@="C:\WINDOWS\system32\guxxa.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

regperf.exe
simpole.tlb
stdole3.tlb
atmclk.exe
dcomcfg.exe
amcompat.tlb
nscompat.tlb
1024 dir
ld****.tmp


~~~ Icons in System32 ~~~

ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 788 'explorer.exe'
Killing PID 788 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :thumbsup:


Ewido Log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:01:47 PM 7/6/2006

+ Scan result:



C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\Μicrosoft\alg.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
:mozilla.350:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.348:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.351:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.352:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.353:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.354:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.355:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.356:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.357:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.358:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.359:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.360:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.361:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.362:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.363:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.364:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.365:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.366:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.367:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.368:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.369:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.370:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.371:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.372:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.373:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.374:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.375:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.376:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.377:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.378:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.379:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.380:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.381:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.382:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.383:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.384:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.385:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.386:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.387:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.388:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.389:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.390:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.391:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.392:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.393:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.394:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.395:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.396:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.397:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.398:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.477:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.580:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.657:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.666:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.675:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.422:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Ad-flow : Cleaned with backup (quarantined).
:mozilla.423:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Ad-flow : Cleaned with backup (quarantined).
:mozilla.424:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Ad-flow : Cleaned with backup (quarantined).
:mozilla.421:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.302:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.303:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.305:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.306:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.307:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.757:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.758:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.759:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.437:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.438:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.335:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.310:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.294:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.295:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.296:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.560:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.561:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.562:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.563:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.564:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.565:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.432:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.435:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.449:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
:mozilla.320:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.337:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.340:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.863:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.864:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.248:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.249:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.313:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.809:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.810:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.811:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.812:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.813:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.814:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.798:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.665:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.680:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
:mozilla.681:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
:mozilla.682:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.683:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.691:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.572:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.573:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.574:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.575:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.576:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.577:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.297:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.298:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.299:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.300:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.301:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.504:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.505:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.506:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.507:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.508:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.509:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.510:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.511:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.512:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.513:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.514:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.515:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.516:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.517:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.518:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.519:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.520:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.521:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.522:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.523:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.524:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.525:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.526:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.527:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.528:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.529:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.530:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.531:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.532:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.533:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.534:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.535:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.536:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.537:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.538:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.539:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.540:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.541:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.542:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.543:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.544:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.545:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.436:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.318:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.319:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.723:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quaran

#4 mrc7928

mrc7928
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:50 AM

Posted 06 July 2006 - 08:42 PM

My last post was too long. Here's the remainder:

:mozilla.77:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.287:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.288:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.289:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.292:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.761:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.762:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.763:C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end

Panda Scan Results:


Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\progra~1\icroso~1\alg.exe
Adware:Adware/PurityScan Not disinfected c:\windows\system32\?ystem32\m?hta.exe
Adware:Adware/SuperSpider Not disinfected C:\WINDOWS\system32\wintwt32.dll
Adware:adware/yazzle Not disinfected Windows Registry
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.go.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.peel.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.target.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Matthew Cashman\Desktop\smitRem\Process.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Matthew Cashman\Local Settings\Temp\!update.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Matthew Cashman\Local Settings\Temporary Internet Files\Content.IE5\4L2F6BC1\!update-4095[1].0000
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Matthew Cashman\My Documents\smitRem.exe[smitRem/Process.exe]
Adware:Adware/PurityScan Not disinfected C:\Program Files\?icrosoft\alg.exe

#5 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 07 July 2006 - 06:11 AM

Open FireFox and Click Tools--> Options--> Privacy

Click Clear by everything but Saved Passwords.

Can you repost the Panda log,it got cut off at this entry

Adware:Adware/PurityScan Not disinfected C:\Program Files\?icrosoft\alg.exe


Please post an uninstall list,
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file.
  • When you press Save button a notepad will open with the contents of that file.
  • Simply copy and paste the contents of that notepad into this topic please.


#6 mrc7928

mrc7928
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:50 AM

Posted 08 July 2006 - 11:37 AM

Cleared everything except for the saved passwords.

The Panda log saved on my computer is the same as the one posted and does not continue below what I had pasted so I ran it again and created a new log. Here it is:



Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\windows\system32\?ystem32\m?hta.exe
Adware:Adware/SuperSpider Not disinfected C:\WINDOWS\system32\wintwt32.dll
Adware:adware/yazzle Not disinfected Windows Registry
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Matthew Cashman\Application Data\Mozilla\Firefox\Profiles\siq8uf50.default\cookies.txt[.go.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Matthew Cashman\Desktop\smitRem\Process.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Matthew Cashman\Local Settings\Temp\!update.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Matthew Cashman\Local Settings\Temporary Internet Files\Content.IE5\4L2F6BC1\!update-4095[1].0000
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Matthew Cashman\My Documents\smitRem.exe[smitRem/Process.exe]



Here is the hijack this uninstall log:

Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Reader 7.0.5
AOL Uninstaller (Choose which Products to Remove)
ATI - Software Uninstall Utility
ATI Display Driver
BlackBerry Desktop Software 4.0
BlackBerry Desktop Software 4.0
CA eTrust EZ Antivirus
Canon Camera Window for ZoomBrowser EX
Canon i960
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities ZoomBrowser EX
Citi Virtual Account Numbers
ComproDVD
ComproFM
ComproPVR
Diablo II
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ewido anti-spyware 4.0
exPressit S.E. 2.1
Full Tilt Poker
Golden Tee Golf Course Addon #1
Google Video Player
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 6
Logitech Harmony Remote Client
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5.0.4)
Nero 6 Ultra Edition
NETGEAR WG311v2 802.11g Wireless PCI Adapter
Panda ActiveScan
PartyPoker
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Soldat 1.3.1
SoundMAX
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
VideoMate TV driver
Viewpoint Media Player
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows NT Messaging
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip




#7 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 09 July 2006 - 07:03 AM

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\wintwt32.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Restart Normal and Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O20 - Winlogon Notify: wintwt32 - C:\WINDOWS\SYSTEM32\wintwt32.dll

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button



Now,Navigate Here--> Download and Run the OuterInfo Uninstaller.


Restart the Machine and post back with a fresh HijackThis log.

#8 mrc7928

mrc7928
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 09 July 2006 - 09:39 AM

Thanks again for all your help.

Ran Killbox and did not get any errors after deleting the file.

Ran Hijack this and fixed the file listed below.

Ran the outer info uninstaller.

Here's my new Hijack This log:


Logfile of HijackThis v1.99.1
Scan saved at 10:34:42 AM, on 7/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Common Files\AOL\1137955663\ee\AOLSoftware.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\?ystem32\m?hta.exe
C:\PROGRA~1\ICROSO~1\alg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\VideoMate\ComproPVR\ComproPVR.exe
C:\Program Files\VideoMate\ComproPVR\Common\ComproRemote.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137955663\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [Kzieewon] C:\WINDOWS\system32\?ystem32\m?hta.exe
O4 - HKCU\..\Run: [Taua] "C:\PROGRA~1\ICROSO~1\alg.exe" -vt ndrv
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ComproPVR Schedule.lnk = ?
O4 - Global Startup: ComproRemote.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: TweakYC.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\smss.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

#9 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 09 July 2006 - 01:15 PM

Looks like the Uninstaller didnt work.


Go to Safe Mode and Open Killbox

Copy&Paste each entry below,one at a time,into Killbox

C:\WINDOWS\system32\system32

C:\Program Files\Microsoft


If the folder exist,the name will light up in blue inside Killbox

For each entry,place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"
"Deltree(Include Subdirectories)"


Click the Red Circle with the White X in the Middle to Delete


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O4 - HKCU\..\Run: [Kzieewon] C:\WINDOWS\system32\?ystem32\m?hta.exe

O4 - HKCU\..\Run: [Taua] "C:\PROGRA~1\ICROSO~1\alg.exe" -vt ndrv

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

O20 - AppInit_DLLs: C:\WINDOWS\system32\smss.dll

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Use Killbox again,this time use Delete on Reboot and Unregister .dll before Deleting options.

Delete this file on reboot--> C:\WINDOWS\system32\smss.dll


Restart Normal and Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


#10 mrc7928

mrc7928
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:50 AM

Posted 10 July 2006 - 08:29 PM

Tried using Killbox to delete C:\windows\system32\system32 and c:\Program Files\Microsoft. Neither showed up blue or allowed me to delete.

Did Hijack This scan.

Tried to fix 4 listed files from your previous post and got the following error:


{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs20 An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\smss.dll)\par
Error #5 - Invalid procedure call or argument\par
\par
Please email me at merijn@spywareinfo.com, reporting the following:\par
* What you were trying to fix when the error occurred, if applicable\par
* How you can reproduce the error\par
* A complete HijackThis scan log, if possible\par
\par
Windows version: Windows NT 5.01.2600\par
MSIE version: 6.0.2900.2180\par
HijackThis version: 1.99.1\par
\par
This message has been copied to your clipboard.\par
Click OK to continue the rest of the scan.\par
}

Clicked OKAY and it continued with fix.

Deleted and unregistered c:\windows\system32\smss.dll

Ran the f-secure scanner and below is the log


Sunday, July 09, 2006 22:30:29 - 06:46:30

Computer name: MATT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 2 malware found
ClickSpring (spyware)

* System (Disinfected)

Trojan-Downloader.Win32.PurityScan.co (virus)

* C:\PROGRAM FILES\?ICROSOFT\ALG.EXE

Statistics
Scanned:

* Files: 20657
* System: 3790
* Not scanned: 2

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Ran the automatic cleaning.

Ran hijack this and below is the report:


Logfile of HijackThis v1.99.1
Scan saved at 10:34:42 AM, on 7/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Common Files\AOL\1137955663\ee\AOLSoftware.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\?ystem32\m?hta.exe
C:\PROGRA~1\ICROSO~1\alg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\VideoMate\ComproPVR\ComproPVR.exe
C:\Program Files\VideoMate\ComproPVR\Common\ComproRemote.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137955663\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [Kzieewon] C:\WINDOWS\system32\?ystem32\m?hta.exe
O4 - HKCU\..\Run: [Taua] "C:\PROGRA~1\ICROSO~1\alg.exe" -vt ndrv
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ComproPVR Schedule.lnk = ?
O4 - Global Startup: ComproRemote.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: TweakYC.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\smss.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

Edited by mrc7928, 10 July 2006 - 08:30 PM.


#11 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 11 July 2006 - 04:58 AM

Lets see what is in your program files folder...

Click start> run> type cmd.exe and hit enter.

Copy this line:

dir "C:\program files" /a > pgfiles.txt & start pgfiles.txt

Paste it into the open cmd window & hit enter.

Notepad should popup with log.
Please post its contents.

#12 mrc7928

mrc7928
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 11 July 2006 - 05:56 AM

Volume in drive C is WD HD
Volume Serial Number is C56D-05A0

Directory of C:\program files

07/11/2006 06:55 AM <DIR> .
07/11/2006 06:55 AM <DIR> ..
01/28/2006 05:20 PM <DIR> Adobe
01/22/2006 10:08 PM <DIR> Ahead
01/22/2006 02:56 PM <DIR> Analog Devices
06/24/2006 09:51 AM <DIR> AOD
06/24/2006 09:51 AM <DIR> AOL
01/22/2006 02:39 PM <DIR> ATI Technologies
03/29/2006 09:57 PM <DIR> CA
01/22/2006 03:05 PM <DIR> Canon
07/08/2006 08:37 AM <DIR> Citi Virtual Account Numbers
07/04/2006 02:08 PM <DIR> Common Files
01/22/2006 02:07 PM <DIR> ComPlus Applications
01/22/2006 02:53 PM <DIR> Compro
01/22/2006 02:53 PM <DIR> CyberLink
05/06/2006 05:34 PM <DIR> Diablo II
04/25/2006 04:37 PM <DIR> DVD Decrypter
02/02/2006 01:25 PM <DIR> DVD Shrink
07/09/2006 05:50 AM <DIR> ewido anti-spyware 4.0
06/20/2006 02:36 PM <DIR> exPressit S.E. 2.1
05/18/2006 11:46 AM <DIR> Full Tilt Poker
01/28/2006 09:10 PM <DIR> Google
07/09/2006 09:40 PM <DIR> HijackThis
04/17/2006 07:46 PM <DIR> InstallShield Installation Information
07/08/2006 08:39 AM <DIR> Internet Explorer
01/24/2006 05:10 PM <DIR> Java
07/04/2006 10:32 PM <DIR> Lavasoft
02/05/2006 04:41 PM <DIR> Logitech
01/22/2006 05:30 PM <DIR> Messenger
01/22/2006 05:34 PM <DIR> Microsoft ActiveSync
01/22/2006 02:10 PM <DIR> microsoft frontpage
01/22/2006 05:34 PM <DIR> Microsoft Office
01/22/2006 02:21 PM <DIR> Movie Maker
07/11/2006 06:47 AM <DIR> Mozilla Firefox
01/22/2006 02:07 PM <DIR> MSN
01/22/2006 02:07 PM <DIR> MSN Gaming Zone
07/08/2006 08:40 AM <DIR> NETGEAR WG311v2 Adapter
01/22/2006 02:19 PM <DIR> NetMeeting
01/22/2006 02:09 PM <DIR> Online Services
04/16/2006 08:20 PM <DIR> Outlook Express
07/03/2006 01:26 PM <DIR> PartyGaming
01/22/2006 03:05 PM <DIR> RAW Image Task
01/22/2006 03:05 PM <DIR> RemoteCapture Task
07/04/2006 10:43 AM <DIR> Research In Motion
07/04/2006 02:17 PM <DIR> Spybot - Search & Destroy
01/22/2006 02:13 PM <DIR> Uninstall Information
04/17/2006 07:46 PM <DIR> VideoMate
06/24/2006 09:51 AM <DIR> Viewpoint
01/22/2006 10:08 PM <DIR> Winamp
01/22/2006 02:45 PM <DIR> Windows Media Components
02/17/2006 04:01 AM <DIR> Windows Media Player
06/13/2006 09:10 PM <DIR> Windows NT
01/22/2006 02:07 PM <DIR> WindowsUpdate
07/08/2006 08:41 AM <DIR> WinRAR
07/08/2006 08:41 AM <DIR> WinZip
01/22/2006 02:10 PM <DIR> xerox
0 File(s) 0 bytes
56 Dir(s) 216,679,809,024 bytes free

#13 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 12 July 2006 - 03:38 AM

Lets try this another way.

Copy the text below to a blank notepad page and save it to the desktop with the name find.bat


dir \alg.exe /a h /s > File.txt


Double Click find.bat and wait for the dos window to close.

File.txt should automatically appear on the desktop,post the entire contents of that text file in the next reply.

#14 mrc7928

mrc7928
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:50 AM

Posted 12 July 2006 - 06:44 AM

Volume in drive C is WD HD
Volume Serial Number is C56D-05A0

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/28/2002 11:41 PM 41,984 alg.exe
1 File(s) 41,984 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

08/04/2004 01:56 AM 44,544 alg.exe
1 File(s) 44,544 bytes

Directory of C:\WINDOWS\system32

08/04/2004 01:56 AM 44,544 alg.exe
1 File(s) 44,544 bytes

#15 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 12 July 2006 - 02:43 PM

Now this is getting interesting,havent had this much trouble with purity in a while!


Lets see what is in your program files\common files folder...

Click start> run> type cmd.exe and hit enter.

Copy this line:

dir "C:\program files\common files" /a > pgfiles.txt & start pgfiles.txt

Paste it into the open cmd window & hit enter.

Notepad should popup with log.
Please post its contents.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users