Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ebaycamel? huh? hijackthis log for your perusal [RESOLVED]

Started by noseguy , Mar 13 2006 12:40 AM

  • This topic is locked This topic is locked

#1
noseguy
Posted 13 March 2006 - 12:40 AM

noseguy

    Member

  • Member
  • PipPip
  • 14 posts
-Middle schooler got hold of my computer recently, and things are real sludgy lately..
-I don't see a lot of obvious pop-ups, but I know something has taken hold..
One thing I noticed, when I click on my ebay bookmark in internet explorer (I know, I should use firefox), I get a page that says

'http://www.shoppingcamel.com/go/ebay/'

and asks me to choose a language..
I close this window and click the bookmark again, and all is fine..
I ran Spybot and Adaware, but it still comes back... -I didn't find much of anything on a google...

ANYWAYZ..
-here's my HijackThis log. Any help is greatly appreciated..
-Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 10:29:34 PM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Documents and Settings\Claire1\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\Claire1\Application Data\Mozilla\Profiles\default\mvamvuqz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Claire1\Application Data\Mozilla\Profiles\default\mvamvuqz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GoogleCatch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - C:\Program Files\2search\2search.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Claire1\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...8.37/ttinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...423/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1226B63E-3162-4D9E-BD27-F9B447F4AC5B}: NameServer = 64.85.239.20,64.85.239.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

Edited by noseguy, 13 March 2006 - 12:50 AM.

  • 0

Advertisements

#2
Trevuren
Posted 13 March 2006 - 01:38 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi noseguy and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.


1. Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
  • Download Ad-Aware SE Personal 1.06:
  • Install Ad-Aware SE Personal 1.06:
    • Double-click on aawsepersonal.exe to install the program.
    • Follow the default settings for installation.
    • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  • Update Ad-Aware SE Personal 1.06:
    • Double-click the Ad-Aware SE Personal icon on your desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Configure Ad-Aware SE Personal 1.06:
    • Click on the Gear button at the top of the window.
    • Click "General" on the left hand side to display the General Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click "Scanning" on the left hand side to display the Scan Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Scan within archives"
      • "Select drives & folders to scan" - select your hard drive(s).
      • "Scan active processes"
      • "Scan registry"
      • "Deep-scan registry"
      • "Scan my IE favorites for banned URLs"
      • "Scan my Hosts file"
    • Click "Advanced" on the left hand side to display the Advanced Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Move deleted files to Recycle Bin"
      • "Include additional object information"
      • "Include negligible objects information"
      • "Include environment information"
    • Click "Defaults" on the left hand side to display the Default Settings box.
      • Make sure these items have your preferred settings in them.:
      • "Default homepage"
      • "Default searchpage"
    • Click "Tweak" on the left hand side to display the Tweak Settings box.
      • Click the + (plus) sign next to the Log Files section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Include basic Ad-Aware settings in log file"
        • "Include additional Ad-Aware settings in log file"
        • "Include reference summary in log file"
        • "Include alternate data stream details in log file"
      • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Unload recognized processes & modules during scan"
        • "Scan registry for all users instead of current user only"
        • "Obtain command line of scanned processes"
      • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Always try to unload modules before deletion"
        • "During removal, unload Explorer and IE if necessary"
        • "Let Windows remove files in use at next reboot"
        • "Delete quarantined objects after restoring"
    • Once you are done with these settings, click "Proceed" to save them.
    • This will take you back to the main screen.
  • Run Ad-Aware SE Personal 1.06:
    • Click the "Start" button.
    • Uncheck the "Search for negligible risk entries" entry.
    • Choose the "Use custom scanning options" scan mode.
    • Click the "Next" button.
    • Ad-Aware will begin to scan for malware residing on your computer.
    • Allow the scan to finish.
    • Right-click on any entry in the list and click "Select All" to select the whole list.
    • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
2. Please follow the instructions provided, you may want to print out these instructions and use them as a reference.
  • Please download ewido security suite it is a trial version of the program.
    • Install ewido security suite
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido, there should be an icon on your desktop double-click it.
    • The program will prompt you to update click the OK button
    • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update
    • Click on Start
    • The update will start and a progress bar will show the updates being installed.
  • Once the updates are installed do the following:
    • REBOOT into Safe Mode
    • Run EWIDO
    • Click on scanner
    • Click on Start Scan
    • Let the program scan the machine
    • While the scan is in progress you will be prompted to clean files, click OK
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report
    • Save the report to your desktop
  • Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply
Regards,

Trevuren
  • 0

#3
noseguy
Posted 15 March 2006 - 01:56 AM

noseguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thanks for the fast response. I did as you said, here are the logs from ewido and hijackthis..
-things feel better, now..

--------------------------------------------------------------------------

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:57:14 AM, 3/14/2006
+ Report-Checksum: A749A69F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{4508E20C-ACAD-11D2-9FC0-00550076E06F} -> Adware.2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Ad-logics : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Claire1\Application Data\Mozilla\Firefox\Profiles\wbau7kqd.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Claire1\Application Data\Mozilla\Profiles\default\mvamvuqz.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Claire1\Application Data\Mozilla\Profiles\default\mvamvuqz.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Claire1\Application Data\Mozilla\Profiles\default\mvamvuqz.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Claire1\Application Data\Mozilla\Profiles\default\mvamvuqz.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\claire1@adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.X10 : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\claire1@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\claire1@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\claire1@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Claire1\Cookies\claire1@e
  • 0

#4
Trevuren
Posted 15 March 2006 - 10:40 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please provise a fresh HJT log as requested,


Thanks,

Trevuren
  • 0

#5
noseguy
Posted 16 March 2006 - 12:00 AM

noseguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Sorry bout that,
I didn't notice it was cut-off.
Here's a fresh hjt log..

---------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:53:38 PM, on 3/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Claire1\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\Claire1\Application Data\Mozilla\Profiles\default\mvamvuqz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Claire1\Application Data\Mozilla\Profiles\default\mvamvuqz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Claire1\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...8.37/ttinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...423/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1226B63E-3162-4D9E-BD27-F9B447F4AC5B}: NameServer = 64.85.239.20,64.85.239.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
  • 0

#6
Trevuren
Posted 16 March 2006 - 12:49 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please Download the following tool.
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Dont do anything with it yet!
  • Reboot into Safe Mode

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

  • Doubleclick WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient!
    • Once the Scan is Complete
    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Place those results in the next post!
  • Reboot back to Normal Mode!
Regards,

Trevuren

Edited by Trevuren, 16 March 2006 - 12:50 AM.

  • 0

#7
noseguy
Posted 17 March 2006 - 06:33 PM

noseguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,
Sorry for the drawn-out delay..
Here's that text..
--------------------------------------------------

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 1/29/2005 11:34:48 AM 12333557 C:\WINDOWS\LPT$VPN.381
qoologic 1/29/2005 11:34:48 AM 12333557 C:\WINDOWS\LPT$VPN.381
SAHAgent 1/29/2005 11:34:48 AM 12333557 C:\WINDOWS\LPT$VPN.381
UPX! 1/29/2005 11:34:48 AM 170053 C:\WINDOWS\tsc.exe
PECompact2 1/29/2005 11:34:48 AM 12333557 C:\WINDOWS\VPTNFILE.381
qoologic 1/29/2005 11:34:48 AM 12333557 C:\WINDOWS\VPTNFILE.381
SAHAgent 1/29/2005 11:34:48 AM 12333557 C:\WINDOWS\VPTNFILE.381
UPX! 1/29/2005 11:34:48 AM 1044560 C:\WINDOWS\vsapi32.dll
aspack 1/29/2005 11:34:48 AM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 8/18/2001 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PEC2 2/14/1997 9:24:14 PM 197171 C:\WINDOWS\SYSTEM32\Dwapilib.tlb
PECompact2 2/7/2006 9:23:40 PM 4513120 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 2/7/2006 9:23:40 PM 4513120 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/3/2004 11:56:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/3/2004 11:56:44 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/18/2001 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 9:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
3/16/2006 11:36:32 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
2/14/2006 4:37:58 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\438592bd0a35d9254fb9860cffa394f2\BIT2.tmp
3/16/2006 11:36:24 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
3/16/2006 11:37:34 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
3/16/2006 11:36:34 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
3/16/2006 11:37:36 PM H 65536 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
3/16/2006 11:37:38 PM H 1024000 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
2/15/2006 9:38:16 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
2/22/2006 6:15:04 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\09269cd4-9d1d-42c1-972c-404a91fcb7a2
2/22/2006 6:15:04 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
3/16/2006 11:35:34 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/3/2005 2:52:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/3/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/3/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 10/6/2003 1:16:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 5/17/2002 5:04:56 PM 45154 C:\WINDOWS\SYSTEM32\plugincpl131_04.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/3/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/18/2001 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\DLLCACHE\main.cpl
Microsoft Corporation 8/18/2001 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl
Microsoft Corporation 8/18/2001 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
11/15/2001 5:31:16 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/15/2001 5:23:32 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
3/16/2006 3:53:36 PM 7 C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
2/20/2006 10:49:10 PM 1387 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
11/15/2001 5:31:16 AM HS 84 C:\Documents and Settings\Claire1\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
11/15/2001 5:23:32 AM HS 62 C:\Documents and Settings\Claire1\Application Data\DESKTOP.INI
11/18/2005 8:43:56 PM 0 C:\Documents and Settings\Claire1\Application Data\dm.ini
1/31/2005 6:34:08 AM 58112 C:\Documents and Settings\Claire1\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AntiVir/Win
{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Program Files\AVPersonal\AVShlExt.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win
{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Program Files\AVPersonal\AVShlExt.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}
ButtonText = Run IMVU : C:\Documents and Settings\Claire1\Start Menu\Programs\IMVU\Run IMVU.lnk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}
MoneySide = C:\Program Files\Microsoft Money\System\mnyviewer.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{40D41A8B-D79B-43D7-99A7-9EE0F344C385} = AIM Search : C:\Program Files\AIM Toolbar\AIMBar.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
nwiz nwiz.exe /install
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
DellTouch C:\WINDOWS\MMKeybd.exe
AdaptecDirectCD "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
AVGCtrl "C:\Program Files\AVPersonal\AVGNT.EXE" /min
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
2Search C:\Program Files\2search\main.exe
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Creative Detector C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 3/16/2006 11:46:43 PM
  • 0

#8
Trevuren
Posted 17 March 2006 - 07:35 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    . Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following folder, and DELETE it (if still present):

    C:\Program Files\2search<==Folder and content

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren
  • 0

#9
noseguy
Posted 19 March 2006 - 01:42 AM

noseguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:36:53 PM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Claire1\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\Claire1\Application Data\Mozilla\Profiles\default\mvamvuqz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Claire1\Application Data\Mozilla\Profiles\default\mvamvuqz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Claire1\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...8.37/ttinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...423/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1226B63E-3162-4D9E-BD27-F9B447F4AC5B}: NameServer = 64.85.239.20,64.85.239.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

-thanks again..
  • 0

#10
Trevuren
Posted 19 March 2006 - 12:37 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Your log looks good. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures and recommendations.

Trevuren
  • 0

#11
Trevuren
Posted 29 March 2006 - 10:07 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP