Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help once more. [RESOLVED]

Started by CompKid416 , Mar 16 2006 05:39 PM

  • This topic is locked This topic is locked

#1
CompKid416
Posted 16 March 2006 - 05:39 PM

CompKid416

    Member

  • Member
  • PipPip
  • 59 posts
Hi again. You guys helped me clear out something before, and I could use your assistance once more.

While running Ad-AwareSE, I have found a new trojan. Seems like it's from LimeWire. It is Win32.Trojan.Downloader. Now, surprisingly, something has been wierd with my internet. Like when I browse a site such as ESPN.com, it looks all distorted. Is the trojan causing this?

Here is my hijackthislog.

Logfile of HijackThis v1.99.1
Scan saved at 3:38:57 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rpjdvz.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\dinst.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stanley Young\Desktop\BFU\BFU.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.VeryCD.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.VeryCD.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [fvuwsbv] C:\WINDOWS\system32\rpjdvz.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138556269546
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Please try to help me get rid of this.
  • 0

Advertisements

#2
Flrman1
Posted 16 March 2006 - 09:43 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Is there some reason that you didn't follow through with this thread?:

http://www.geekstogo...opic=100333&hl=

You didn't post back the info requested nor did you bother to come back and say thanks to loophole. We volunteer our free time here because we enjoy helping people and we get a great deal of satisfaction from defeating the bad guys who create this malware. All we ask is that you show a little appreciation and follow through on a thread until it is complete. Otherwise we feel that our time has been wasted. Developing a track record like that will cause the helpers here to not want to help you.

I am willing to help you, but I want assurance that you will continue with this until we are finished. Just let me know what you intend to do and we will proceed accordingly.

Thank you fo your cooperation,

Mark.
  • 0

#3
CompKid416
Posted 16 March 2006 - 10:01 PM

CompKid416

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Oh, my bad.

I think I may have just forgot about the entire thing. Much apologies. I think I was really busy and just totally forgot.

Sorry, it won't happen again. I really want to finally rid myself of this malware once and for all.
  • 0

#4
Flrman1
Posted 16 March 2006 - 10:23 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Add/Remove programs and uninstall New.Net (NewDotNet). If it will not uninstall do this:

First Click here to download LspFix

You may not need it, but go ahead and download it just in case.


Now go here and scroll to the bottom of the page to Precedure 4 and download and run the New.Net uninstaller.

If you lose your internet connection after running the New.Net uninstaller, Run LspFix, and click Finish. (Don't do anything else)

That should restore the internet connection.


* Also in Add/Remove programs uninstall BestOffers. Anyting you see with BestOffers in th name, uninstall it.


* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop

* Restart back into Windows normally now.


* Come back here and post a new HijackThis log, as well as the log from the Ewido scan.





Old canned with Cleanup:


*Download Cleanup from here
  • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • Click the Options... button on the right.
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following (Make sure nothing else is checked!):
    • Empty Recycle Bins
    • Delete Cookies
    • Cleanup! All Users
    Click OK
  • DO NOT RUN IT YET

* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop


* Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once its done, close the program.

* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Restart back into Windows normally now.


* Come back here and post a new HijackThis log, as well as the log from the Ewido scan.
  • 0

#5
CompKid416
Posted 16 March 2006 - 10:31 PM

CompKid416

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hmm, okay. I appreiciate the help.

Just one quick Q. For the Best Offers thing, when I try to uninstall it, it leads me up to this. Shall I continue to follow the link and the directions? http://www.bestoffer....com/uninstall/

Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:10:59 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\fuiaitf.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\STANLE~1\LOCALS~1\Temp\aurareco.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\STANLE~1\LOCALS~1\Temp\dinst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.VeryCD.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.VeryCD.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [amrxily] C:\WINDOWS\system32\fuiaitf.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138556269546
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


---------

Here is the ewidolog.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:07:52 PM, 3/16/2006
+ Report-Checksum: 82FF80E6

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Adware.BetterInternet : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc -> Adware.BetterInternet : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Security -> Adware.BetterInternet : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Enum -> Adware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2376399851-377568584-4290506280-1006\Software\aurora -> Adware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2376399851-377568584-4290506280-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00F1D395-4744-40F0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup
HKU\S-1-5-21-2376399851-377568584-4290506280-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-2376399851-377568584-4290506280-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5DE8ADB-4A69-4E56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
[876] C:\WINDOWS\system32\fvqunzf.exe -> Trojan.Agent.ay : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.414:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.415:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.528:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.529:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.591:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.592:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.594:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.599:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.600:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.637:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.639:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.640:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.649:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.650:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.659:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.664:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.682:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.683:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.695:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.712:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.713:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.714:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley [email protected][2].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley [email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley [email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Program Files\TBONAS\TBONlchr.dll -> Adware.ActivShopper : Cleaned with backup
C:\WINDOWS\dinst.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\fvqunzf.exe -> Trojan.Agent.ay : Cleaned with backup


::Report End

Edited by CompKid416, 16 March 2006 - 11:12 PM.

  • 0

#6
Flrman1
Posted 17 March 2006 - 06:46 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
No, don't use that Best Offers uninstaller. We'll remove it manually.

* Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
[*]Click Exit on the Main menu to close the program.
[/list]
* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll

O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll

O4 - HKLM\..\Run: [amrxily] C:\WINDOWS\system32\fuiaitf.exe r

O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\TBONAS

    C:\WINDOWS\system32\fuiaitf.exe

    C:\WINDOWS\dinst.exe

  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confimation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.

* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
  • 0

#7
CompKid416
Posted 17 March 2006 - 08:16 PM

CompKid416

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hmm, a couple things went wierd. In my hijackthis log, it never had:
O4 - HKLM\..\Run: [amrxily] C:\WINDOWS\system32\fuiaitf.exe r. Then, Killbox couldn't detect these two files, saying that it wasn't there, etc..:
O4 - HKLM\..\Run: [amrxily] C:\WINDOWS\system32\fuiaitf.exe r
C:\WINDOWS\dinst.exe

OK, so yeah. Also, whenever I try to install IE, I can never find it. ActiveScan doesn't allow Mozilla users to scan, so yeah.

Logfile of HijackThis v1.99.1
Scan saved at 6:15:38 PM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\qkrxtji.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\DOCUME~1\STANLE~1\LOCALS~1\Temp\aurareco.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\DOCUME~1\STANLE~1\LOCALS~1\Temp\dinst.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.savewealt...ort/ie6/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.savewealth.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.VeryCD.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.savewealt...t/ie6/complete/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [vvzvmh] C:\WINDOWS\system32\qkrxtji.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138556269546
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#8
Flrman1
Posted 17 March 2006 - 10:23 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts

OK, so yeah. Also, whenever I try to install IE, I can never find it. ActiveScan doesn't allow Mozilla users to scan, so yeah.

What do you mean "whenever I try to install IE"?. You mean when you try to open it? :tazz:
  • 0

#9
Flrman1
Posted 17 March 2006 - 10:26 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Update ewido:
  • Launch ewido
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.


* Click here to download Nailfix.zip.
  • Save the file to your desktop.
  • Unzip Nailfix.zip to extract the files it contains.
  • Do not do anything with it yet. You will run the Nailfix.cmd file later in safe mode.

* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Once in Safe Mode, double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.


* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop


* Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once its done, close the program.

* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Restart back into Windows normally now.


* Come back here and post a new HijackThis log, as well as the log from the Ewido scan.
  • 0

#10
CompKid416
Posted 17 March 2006 - 10:26 PM

CompKid416

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Oh, like when I finished installing IE 6.0. I doubleclicked on the installer, the thing fully installed, and it rebooted my comp. Then, when I try to look for it, it's just not there.

So, that's why I can't ActiveScan my comp.
  • 0

Advertisements

#11
Flrman1
Posted 17 March 2006 - 11:00 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Why are you trying to install IE? You already have/had it! :tazz:

You cannot just simply uninstall and reinstall IE in XP like you could in older Windows versions. I have no idea what you have done or are trying to do.
  • 0

#12
CompKid416
Posted 17 March 2006 - 11:15 PM

CompKid416

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Oh, okay. Here's what I've been trying to do:

Since you told me to go to ActiveScan and have it run on my comp, I had to access IE. However, I don't have IE (it seems, because I can't find it nor is it even in my programs), I figured I had to d/l it.

Here's the HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:11:25 PM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.savewealt...ort/ie6/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.savewealth.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.VeryCD.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.savewealt...t/ie6/complete/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138556269546
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Here's the Ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:02:04 PM, 3/17/2006
+ Report-Checksum: A600284A

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2376399851-377568584-4290506280-1006\Software\aurora -> Adware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2376399851-377568584-4290506280-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-2376399851-377568584-4290506280-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5DE8ADB-4A69-4E56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
[860] C:\WINDOWS\system32\rjwngxm.exe -> Trojan.Agent.ay : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Stanley Young\Application Data\Mozilla\Firefox\Profiles\vcgfkkfv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Stanley Young\Cookies\stanley young@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\Hijackthis\backups\backup-20060317-174915-133.dll -> Adware.ActivShopper : Cleaned with backup
C:\Program Files\TBONAS\TBONlchr.dll -> Adware.ActivShopper : Cleaned with backup
C:\WINDOWS\SYSTEM32\rjwngxm.exe -> Trojan.Agent.ay : Cleaned with backup


::Report End
  • 0

#13
Flrman1
Posted 18 March 2006 - 09:07 AM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Go to Start > Run and type in:

iexplore.exe

Click OK.

Does IE launch?
  • 0

#14
CompKid416
Posted 18 March 2006 - 11:07 AM

CompKid416

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Doh. Yeah, it launches. Why didn't I think of this earlier? :tazz:.

My bad. I'm not a total expert at computers yet.
  • 0

#15
Flrman1
Posted 18 March 2006 - 11:33 AM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP