Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win Fixer [CLOSED]


  • This topic is locked This topic is locked

#1
yerffej8

yerffej8

    Member

  • Member
  • PipPip
  • 11 posts
Somehow Win Fixer attached itself to my machine and now I can't get rid of it by normal means. Do you have suggestions?

Thanks for your reply
  • 0

Advertisements


#2
Snickets

Snickets

    Visiting Staff

  • Member
  • PipPipPip
  • 425 posts
Hello yerffej8,

Welcome to GeekstoGo my name is Snickets and I will be helping you today!!!

1.Set up a folder by doing the following.
To create a folder:
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have C:\HJT\ folder.

2. Then go here to download the latest version of hijack this 1.99.1 and save this into the folder you created for hijackthis.

3. Double-click on the hijackthis.exe to scan.
Select "Scan and Save Log".
After the scan save the log somewhere where you will remember.
Then go to the location where you saved the hijack this log and open it up, then hit CTRL A to highlight all the text inside, then right click and hit the copy option then paste the contents back into this thread.

Thank you,

Snickets

:tazz:
  • 0

#3
yerffej8

yerffej8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:03:09 PM, on 8/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\chk2dvag.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe
C:\WINDOWS\system32\cewlv1.exe
C:\Program Files\Preview AdService\PrevAdKeep.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbts.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://mail.redwoodchapel.org/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [o3Ei3EP] chk2dvag.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [Z0xsROjqO] cewlv1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
  • 0

#4
Snickets

Snickets

    Visiting Staff

  • Member
  • PipPipPip
  • 425 posts
Hello yerffej8,

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Step 1- Downloading Necessary Programs

1.Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

2.If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!


Step 2-The Fix
Go to Start > Run and type in Services.msc then click OK
Click the Extended tab.
Scroll down until you find the service ZESOFT.
Click once on the service to highlight it.
Click Stop
Right-Click on the service.
Click on 'Properties'
Select the 'General' tab
Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
From the drop-down menu, click on 'Disabled'
Click the 'Apply' tab, then click 'OK'
The service is now stopped and disabled.
***
Open HijackThis
click on "None of the above, just start the program".
click on the "Config" button (bottom right),
click on "Misc Tools"
click on "Delete an NT Service" (a window will pop up)
Enter the below item into that field (make sure there are NO spaces before or after the name): ZESOFT
Click OK.
It should pull up information about the service, then ask if you want to reboot. Click YES.
***

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Now scan with HJT and place a checkmark next to each of the following items:
===================================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [o3Ei3EP] chk2dvag.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [Z0xsROjqO] cewlv1.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe


After checking these entries CLOSE ALL open windows [browsers and programs] EXCEPT HijackThis and click "Fix Checked."
===================================================

Please remove these entries from Add/Remove Programs in the Control Panel(if present).
WindUpdates
AdwareAlert

Please note any other programs that you dont recognize in that list in your next response

Please delete these files and folders using Windows Explorer(if present):
files=blue
folders=red

C:\Program Files\Preview AdService\
C:\Program Files\AdwareAlert\
C:\WINDOWS\system32\chk2dvag.exe
C:\WINDOWS\system32\cewlv1.exe
C:\WINDOWS\zeta.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe

Please Search for these files below seperately and delete if present using the following instructions:
Go to Start>Run>Search for Files and Folders>and type in the following files:
chk2dvag.exe
cewlv1.exe


Reboot into normal windows.

Please rescan with HijackThis and post the new results in this thread along with the ewido scan results. At this time please let me know how your system is running.

Thank you,

Snickets

:tazz:

Edited by Snickets, 29 August 2005 - 12:15 PM.

  • 0

#5
yerffej8

yerffej8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Snickets,

Thanks for all your helpful advice. I think I messed up though :tazz:
After I installed Ewido I ran a scan because I was looking at the instruction page and not the page you sent me...sorry about that.

The result is that when I finished the rest of your instructions the file ZESOFT had already been removed. I am not sure what to do now.

Also when I downloaded Ad-Aware SE the program would freeze every time I would check for updates.

Any help you can offer would be much appreciated and I will read more carefully next time.

Jeff
  • 0

#6
Snickets

Snickets

    Visiting Staff

  • Member
  • PipPipPip
  • 425 posts
Hello yerffej8,

That's ok, please skip the step on Adaware and then finish the rest of the instructions.

Please run the rest of the fix as is and make sure to run ewido in safe mode for me.

Please make sure to post the log you have just scanned and created and the log from safe mode.

Also in the list of add/remove programs please remove Winfixer in safe mode as well.

We will get you cleaned up.

HEHEH

Thanks,

Snickets

:tazz:
  • 0

#7
yerffej8

yerffej8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Snickets,

Thank you, thank you. Things seem to be running normal right now. Here are the two logs you requested. The second one was run in safe mode. Should I continue to run Ewido regularly now that the problem is fixed? Anyway, thanks again and great work.

Jeff

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:36:37 PM, 8/29/2005
+ Report-Checksum: F7F67BF3

+ Scan result:

HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\AproposClient -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\owx01QSgVILV -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\owxM1QSgVILV -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1028F737-81E7-452B-A860-E50CAD90A08C} -> Spyware.SpyAssassin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6BAF0C72-19B4-46E7-A9B0-C272C79442C0} -> Spyware.SafeSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{82B382FD-F0CB-444F-9C9C-1ED4AB39E5C0} -> Spyware.SafeSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{193FC180-7E97-467E-8CDD-B4385F6D20C4} -> Spyware.SafeSearch : Cleaned with backup
HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\salm -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Preview AdService -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\salm -> Spyware.180Solutions : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT -> Spyware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Security -> Spyware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Enum -> Spyware.NaviSearch : Cleaned with backup
HKU\S-1-5-21-2993856538-2312660386-3479971185-1003\Software\Apropos -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-2993856538-2312660386-3479971185-1003\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2993856538-2312660386-3479971185-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-2993856538-2312660386-3479971185-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1028F737-81E7-452B-A860-E50CAD90A08C} -> Spyware.SpyAssassin : Cleaned with backup
HKU\S-1-5-21-2993856538-2312660386-3479971185-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2993856538-2312660386-3479971185-1003\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2993856538-2312660386-3479971185-1003\Software\salm -> Spyware.180Solutions : Cleaned with backup
[2904] C:\Program Files\Preview AdService\PrevAdServ.exe -> Spyware.WinAD : Cleaned with backup
[3012] C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
[3032] C:\Program Files\Preview AdService\PrevAdKeep.exe -> Spyware.WinAD : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.402:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.456:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.472:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.473:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.477:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.478:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.479:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.633:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.683:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.688:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.698:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.706:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.715:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.717:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.718:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.800:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.801:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.806:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.816:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.817:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.824:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.825:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.830:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.837:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.843:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.844:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.845:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.846:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.856:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.859:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.860:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.864:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.878:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.884:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.885:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.886:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.895:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.914:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.915:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.916:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.917:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.918:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.922:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.923:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.936:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.937:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.938:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.939:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.948:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.953:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.954:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.956:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.959:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.960:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.963:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.966:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.967:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qmfwh9q8.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\cookies.txt -> Spyware.Cookie.Falkag :
  • 0

#8
Snickets

Snickets

    Visiting Staff

  • Member
  • PipPipPip
  • 425 posts
Hello yerffej8,

If you could please run a new HijackThis scan and post the new log into this thread for me to review as well.

Thank you,

Snickets

:tazz:
  • 0

#9
yerffej8

yerffej8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here you go:

Logfile of HijackThis v1.99.1
Scan saved at 10:21:51 PM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbts.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://mail.redwoodchapel.org/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {1028F737-81E7-452B-A860-E50CAD90A08C} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#10
Snickets

Snickets

    Visiting Staff

  • Member
  • PipPipPip
  • 425 posts
Hello yerffej8,

There are a couple of things left that we need to take care of to get you cleaned up completely.

1.Click here to download Pocket Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each. Keep track of any files it tells you either could not be found or could not be deleted, as you'll need those later:

C:\Program Files\Preview AdService\PrevAdServ.exe
C:\Program Files\AdwareAlert\AdwareAlert.Exe

For the files that it either couldn't find or couldn't delete, in the killbox again this time, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes, please reboot into safe mode at this time.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

2.Once in safe mode please run HijackThis and place a check next to the following items.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
O3 - Toolbar: (no name) - {1028F737-81E7-452B-A860-E50CAD90A08C} - (no file)
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot


After checking these entries CLOSE ALL open windows [browsers and programs] EXCEPT HijackThis and click "Fix Checked."
===================================================

3.Please remove these entries from Add/Remove Programs in the Control Panel(if present).
AdwareAlert
Please note any other programs that you dont recognize in that list in your next response

4.Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Display the contents of system folders
Show hidden files and folders
Uncheck: Hide protected operating system files
Click on Apply.
Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders

5.Please delete these files and folders using Windows Explorer(if present):
files=blue
folders=red

C:\Program Files\Preview AdService\
C:\Program Files\AdwareAlert\

6.Reboot your computer into normal mode at this time.

7.Please rescan with HijackThis and post a fresh log for me to review.

Thank you,

Snickets

:tazz:
  • 0

Advertisements


#11
yerffej8

yerffej8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I followed the instructions but wasn't able to reboot or even open the start menu in safe mode (as a result I could not get into the control panel. So, I did a hard reboot and followed the instructions in normal windows.

In the control panel the following were files I didn't recognize:
Adware Filter
Adware Filter Toolbar
Agere Systems AC'97 Modem
Preview Adservice

Would all of this affect my ability to shutdown or restart normally?
Would it affect my ability to run Adobe Acrobat Reader?
Would it affect my ability to run Mozilla Firefox?

All three of these are not working correctly.

Thanks

Here is the latest hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 7:04:55 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbts.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://mail.redwoodchapel.org/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {1028F737-81E7-452B-A860-E50CAD90A08C} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#12
Snickets

Snickets

    Visiting Staff

  • Member
  • PipPipPip
  • 425 posts
Hello yerffej8,

Yes I see that some of the files came back and we will need to take another approach to this issue.

There is another way to get to your control panel which I have put into this fix.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1.Click here to download Pocket Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each. Keep track of any files it tells you either could not be found or could not be deleted, as you'll need those later:

C:\Program Files\Preview AdService\PrevAdServ.exe
C:\Program Files\AdwareAlert\AdwareAlert.Exe

For the files that it either couldn't find or couldn't delete, in the killbox again this time, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes. Please reboot into safe mode at this time.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

2.Once in safe mode please run HijackThis and place a check next to the following items.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot


After checking these entries CLOSE ALL open windows [browsers and programs] EXCEPT HijackThis and click "Fix Checked."
===================================================

3.Access your control panel by double clicking on my computer then on the right hand side under options you will see your control panel. Click on this and then find the entry for add/remove programs. Then remove these the programs below if present.
PreviewAdService
AdwareAlert


4.After this is complete close out add/remove programs and then double click on my computer again and then click on your C:\ drive and then follow the paths below to delete the following folders if present.
C:\Program Files\Preview AdService\
C:\Program Files\AdwareAlert\

5.Reboot into normal windows and rescan with HijackThis then post a fresh log in this thread for me to review.

Thank you,
Snickets
:tazz:
  • 0

#13
yerffej8

yerffej8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is the latest log file (It looks like the files are still there :tazz: )

When I put those filepaths into killbox it says that they are already missing. I deleted PreviewAdservice from the add/remove programs, but it said that it had already been deleted. AdwareAlert does not show up anywhere although Adware Filter and Adware toolbar do.


Logfile of HijackThis v1.99.1
Scan saved at 5:49:41 PM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\igfxext.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbts.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://mail.redwoodchapel.org/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {1028F737-81E7-452B-A860-E50CAD90A08C} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#14
Snickets

Snickets

    Visiting Staff

  • Member
  • PipPipPip
  • 425 posts
Hello yerffej8,

1.Please go here and download the free trial for SpySweeper.

2.Once installed please open up the program and push on the options tab then click on update definitions.

3.Once the definitions are installed please click on the sweep now tab and do a complete scan and removal of all items found for me.

4.Then please reboot your computer at this time.

5.Then please reopen spysweeper and click on the results tab and copy and paste all of the information that is in this section into your next post. Also please run a new HijackThis scan and post the log from this into the thread as well.


Thank you,

Snickets

:tazz:
  • 0

#15
yerffej8

yerffej8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is the SpySweeper session log:
********
11:40 AM: |··· Start of Session, Thursday, September 01, 2005 ···|
11:40 AM: Spy Sweeper started
11:40 AM: Sweep initiated using definitions version 525
11:40 AM: Starting Memory Sweep
11:42 AM: Memory Sweep Complete, Elapsed Time: 00:02:09
11:42 AM: Starting Registry Sweep
11:42 AM: Found Adware: apropos
11:42 AM: HKU\S-1-5-21-2993856538-2312660386-3479971185-1003\software\aprps\ (7 subtraces) (ID = 103740)
11:42 AM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
11:42 AM: Found Adware: blazefind
11:42 AM: HKLM\software\microsoft\windows\currentversion\run\ || preview adservice (ID = 104534)
11:42 AM: HKLM\software\microsoft\windows\currentversion\uninstall\preview adservice\ (2 subtraces) (ID = 104549)
11:42 AM: Registry Sweep Complete, Elapsed Time:00:00:04
11:42 AM: Starting Cookie Sweep
11:42 AM: Found Spy Cookie: primaryads cookie
11:42 AM: owner@1.primaryads[1].txt (ID = 3190)
11:42 AM: Found Spy Cookie: 2o7.net cookie
11:42 AM: owner@2o7[1].txt (ID = 1957)
11:42 AM: Found Spy Cookie: 64.62.232 cookie
11:42 AM: owner@64.62.232[1].txt (ID = 1987)
11:42 AM: owner@64.62.232[2].txt (ID = 1987)
11:42 AM: Found Spy Cookie: 888 cookie
11:42 AM: owner@888[2].txt (ID = 2019)
11:42 AM: owner@888[3].txt (ID = 2019)
11:42 AM: Found Spy Cookie: websponsors cookie
11:42 AM: owner@a.websponsors[2].txt (ID = 3665)
11:42 AM: Found Spy Cookie: go.com cookie
11:42 AM: owner@abc.go[1].txt (ID = 2729)
11:42 AM: Found Spy Cookie: about cookie
11:42 AM: owner@about[1].txt (ID = 2037)
11:42 AM: owner@about[2].txt (ID = 2037)
11:42 AM: owner@adisney.go[1].txt (ID = 2729)
11:42 AM: Found Spy Cookie: adknowledge cookie
11:42 AM: owner@adknowledge[2].txt (ID = 2072)
11:42 AM: Found Spy Cookie: hbmediapro cookie
11:42 AM: owner@adopt.hbmediapro[2].txt (ID = 2768)
11:42 AM: Found Spy Cookie: precisead cookie
11:42 AM: owner@adopt.precisead[1].txt (ID = 3182)
11:42 AM: Found Spy Cookie: specificclick.com cookie
11:42 AM: owner@adopt.specificclick[2].txt (ID = 3400)
11:42 AM: Found Spy Cookie: adrevolver cookie
11:42 AM: owner@adrevolver[2].txt (ID = 2088)
11:42 AM: owner@adrevolver[3].txt (ID = 2088)
11:42 AM: owner@adrevolver[4].txt (ID = 2088)
11:42 AM: Found Spy Cookie: addynamix cookie
11:42 AM: owner@ads.addynamix[1].txt (ID = 2062)
11:42 AM: Found Spy Cookie: cc214142 cookie
11:42 AM: owner@ads.cc214142[1].txt (ID = 2367)
11:42 AM: Found Spy Cookie: pointroll cookie
11:42 AM: owner@ads.pointroll[2].txt (ID = 3148)
11:42 AM: Found Spy Cookie: advertising cookie
11:42 AM: owner@advertising[2].txt (ID = 2175)
11:42 AM: Found Spy Cookie: associated new media cookie
11:42 AM: owner@anm.co[2].txt (ID = 2223)
11:42 AM: Found Spy Cookie: apmebf cookie
11:42 AM: owner@apmebf[1].txt (ID = 2229)
11:42 AM: Found Spy Cookie: falkag cookie
11:42 AM: owner@as-us.falkag[2].txt (ID = 2650)
11:42 AM: Found Spy Cookie: ask cookie
11:42 AM: owner@ask[2].txt (ID = 2245)
11:42 AM: Found Spy Cookie: atlas dmt cookie
11:42 AM: owner@atdmt[2].txt (ID = 2253)
11:42 AM: Found Spy Cookie: belnk cookie
11:42 AM: owner@ath.belnk[1].txt (ID = 2293)
11:42 AM: Found Spy Cookie: a cookie
11:42 AM: owner@a[2].txt (ID = 2027)
11:42 AM: Found Spy Cookie: banners cookie
11:42 AM: owner@banners[2].txt (ID = 2282)
11:42 AM: Found Spy Cookie: banner cookie
11:42 AM: owner@banner[2].txt (ID = 2276)
11:42 AM: Found Spy Cookie: freestats.net cookie
11:42 AM: owner@beatbush.freestats[1].txt (ID = 2705)
11:42 AM: owner@belnk[2].txt (ID = 2292)
11:42 AM: Found Spy Cookie: burstnet cookie
11:42 AM: owner@burstnet[2].txt (ID = 2336)
11:42 AM: Found Spy Cookie: casalemedia cookie
11:42 AM: owner@casalemedia[2].txt (ID = 2354)
11:42 AM: Found Spy Cookie: cassava cookie
11:42 AM: owner@cassava[1].txt (ID = 2362)
11:42 AM: Found Spy Cookie: centrport net cookie
11:42 AM: owner@centrport[1].txt (ID = 2374)
11:42 AM: Found Spy Cookie: clickbank cookie
11:42 AM: owner@clickbank[1].txt (ID = 2398)
11:42 AM: Found Spy Cookie: howstuffworks cookie
11:42 AM: owner@computer.howstuffworks[1].txt (ID = 2806)
11:42 AM: Found Spy Cookie: com.com cookie
11:42 AM: owner@com[2].txt (ID = 2445)
11:42 AM: Found Spy Cookie: 360i cookie
11:42 AM: owner@ct.360i[1].txt (ID = 1962)
11:42 AM: Found Spy Cookie: customer cookie
11:42 AM: owner@customer[1].txt (ID = 2481)
11:42 AM: owner@dist.belnk[2].txt (ID = 2293)
11:42 AM: Found Spy Cookie: ru4 cookie
11:42 AM: owner@edge.ru4[1].txt (ID = 3269)
11:42 AM: owner@espn.go[2].txt (ID = 2729)
11:42 AM: Found Spy Cookie: exitexchange cookie
11:42 AM: owner@exitexchange[1].txt (ID = 2633)
11:42 AM: owner@experts.about[2].txt (ID = 2038)
11:42 AM: Found Spy Cookie: fastclick cookie
11:42 AM: owner@fastclick[1].txt (ID = 2651)
11:42 AM: owner@go[2].txt (ID = 2728)
11:42 AM: Found Spy Cookie: clickandtrack cookie
11:42 AM: owner@hits.clickandtrack[2].txt (ID = 2397)
11:42 AM: owner@howstuffworks[2].txt (ID = 2805)
11:42 AM: Found Spy Cookie: screensavers.com cookie
11:42 AM: owner@i.screensavers[2].txt (ID = 3298)
11:42 AM: Found Spy Cookie: kmpads cookie
11:42 AM: owner@kmpads[2].txt (ID = 2909)
11:42 AM: Found Spy Cookie: metareward.com cookie
11:42 AM: owner@metareward[2].txt (ID = 2990)
11:42 AM: owner@movies.go[2].txt (ID = 2729)
11:42 AM: owner@muppets.go[1].txt (ID = 2729)
11:42 AM: Found Spy Cookie: directtrack cookie
11:42 AM: owner@offersquest.directtrack[1].txt (ID = 2528)
11:42 AM: Found Spy Cookie: touchclarity cookie
11:42 AM: owner@partypoker.touchclarity[1].txt (ID = 3567)
11:42 AM: Found Spy Cookie: partypoker cookie
11:42 AM: owner@partypoker[1].txt (ID = 3111)
11:42 AM: Found Spy Cookie: overture cookie
11:42 AM: owner@perf.overture[1].txt (ID = 3106)
11:42 AM: Found Spy Cookie: pub cookie
11:42 AM: owner@pub[1].txt (ID = 3205)
11:42 AM: Found Spy Cookie: questionmarket cookie
11:42 AM: owner@questionmarket[2].txt (ID = 3217)
11:42 AM: Found Spy Cookie: affiliatefuel.com cookie
11:42 AM: owner@r1.affiliatefuel[2].txt (ID = 2202)
11:42 AM: Found Spy Cookie: realmedia cookie
11:42 AM: owner@realmedia[2].txt (ID = 3235)
11:42 AM: Found Spy Cookie: rednova cookie
11:42 AM: owner@rednova[1].txt (ID = 3245)
11:42 AM: Found Spy Cookie: reunion cookie
11:42 AM: owner@reunion[1].txt (ID = 3255)
11:42 AM: owner@rsi.abc.go[1].txt (ID = 2729)
11:42 AM: owner@rsi.espn.go[1].txt (ID = 2729)
11:42 AM: Found Spy Cookie: servedby advertising cookie
11:42 AM: owner@servedby.advertising[2].txt (ID = 3335)
11:42 AM: Found Spy Cookie: web-stat cookie
11:42 AM: owner@server3.web-stat[2].txt (ID = 3649)
11:42 AM: Found Spy Cookie: servlet cookie
11:42 AM: owner@servlet[1].txt (ID = 3345)
11:42 AM: owner@sports.espn.go[2].txt (ID = 2729)
11:42 AM: Found Spy Cookie: starware.com cookie
11:42 AM: owner@starware[2].txt (ID = 3441)
11:42 AM: Found Spy Cookie: reliablestats cookie
11:42 AM: owner@stats1.reliablestats[1].txt (ID = 3254)
11:42 AM: Found Spy Cookie: tickle cookie
11:42 AM: owner@tickle[2].txt (ID = 3529)
11:42 AM: Found Spy Cookie: trafficmp cookie
11:42 AM: owner@trafficmp[2].txt (ID = 3581)
11:42 AM: Found Spy Cookie: tribalfusion cookie
11:42 AM: owner@tribalfusion[1].txt (ID = 3589)
11:42 AM: Found Spy Cookie: coremetrics cookie
11:42 AM: owner@twci.coremetrics[1].txt (ID = 2472)
11:42 AM: Found Spy Cookie: videodome cookie
11:42 AM: owner@videodome[1].txt (ID = 3638)
11:42 AM: Found Spy Cookie: 123count cookie
11:42 AM: owner@www.123count[2].txt (ID = 1928)
11:42 AM: Found Spy Cookie: burstbeacon cookie
11:42 AM: owner@www.burstbeacon[2].txt (ID = 2335)
11:42 AM: owner@www.rednova[1].txt (ID = 3246)
11:42 AM: owner@www.screensavers[2].txt (ID = 3298)
11:42 AM: Found Spy Cookie: adserver cookie
11:42 AM: owner@z1.adserver[1].txt (ID = 2142)
11:42 AM: Found Spy Cookie: zedo cookie
11:42 AM: owner@zedo[2].txt (ID = 3762)
11:42 AM: Cookie Sweep Complete, Elapsed Time: 00:00:02
11:42 AM: Starting File Sweep
11:43 AM: c:\documents and settings\owner\local settings\temp\atf (ID = -2147481416)
11:43 AM: c:\program files\aprps (16 subtraces) (ID = -2147481420)
11:43 AM: Found Adware: internetoptimizer
11:43 AM: c:\program files\internet optimizer (ID = -2147480830)
11:43 AM: Found Adware: exact cashback/bargain buddy
11:43 AM: vx0.nls (ID = 50890)
11:43 AM: Found Adware: exact software
11:43 AM: exclean.exe (ID = 50589)
11:43 AM: bargains.exe (ID = 50547)
11:46 AM: wingenerics.dll (ID = 50187)
11:47 AM: wingenerics.dll (ID = 50187)
11:47 AM: Found Adware: 180search assistant/zango
11:47 AM: salmau.dat (ID = 93788)
11:47 AM: cxtpls.exe (ID = 120161)
11:47 AM: proxystub.dll (ID = 120164)
11:47 AM: cxtpls.dll (ID = 120160)
11:48 AM: File Sweep Complete, Elapsed Time: 00:05:03
11:48 AM: Full Sweep has completed. Elapsed time 00:07:25
11:48 AM: Traces Found: 134
11:48 AM: Removal process initiated
11:48 AM: Quarantining All Traces: apropos
11:48 AM: Quarantining All Traces: blazefind
11:48 AM: Quarantining All Traces: primaryads cookie
11:48 AM: Quarantining All Traces: 2o7.net cookie
11:48 AM: Quarantining All Traces: 64.62.232 cookie
11:48 AM: Quarantining All Traces: 888 cookie
11:48 AM: Quarantining All Traces: websponsors cookie
11:48 AM: Quarantining All Traces: go.com cookie
11:48 AM: Quarantining All Traces: about cookie
11:48 AM: Quarantining All Traces: adknowledge cookie
11:48 AM: Quarantining All Traces: hbmediapro cookie
11:48 AM: Quarantining All Traces: precisead cookie
11:48 AM: Quarantining All Traces: specificclick.com cookie
11:48 AM: Quarantining All Traces: adrevolver cookie
11:48 AM: Quarantining All Traces: addynamix cookie
11:48 AM: Quarantining All Traces: cc214142 cookie
11:48 AM: Quarantining All Traces: pointroll cookie
11:48 AM: Quarantining All Traces: advertising cookie
11:48 AM: Quarantining All Traces: associated new media cookie
11:48 AM: Quarantining All Traces: apmebf cookie
11:48 AM: Quarantining All Traces: falkag cookie
11:48 AM: Quarantining All Traces: ask cookie
11:48 AM: Quarantining All Traces: atlas dmt cookie
11:48 AM: Quarantining All Traces: belnk cookie
11:48 AM: Quarantining All Traces: a cookie
11:48 AM: Quarantining All Traces: banners cookie
11:48 AM: Quarantining All Traces: banner cookie
11:48 AM: Quarantining All Traces: freestats.net cookie
11:48 AM: Quarantining All Traces: burstnet cookie
11:48 AM: Quarantining All Traces: casalemedia cookie
11:48 AM: Quarantining All Traces: cassava cookie
11:48 AM: Quarantining All Traces: centrport net cookie
11:48 AM: Quarantining All Traces: clickbank cookie
11:48 AM: Quarantining All Traces: howstuffworks cookie
11:48 AM: Quarantining All Traces: com.com cookie
11:48 AM: Quarantining All Traces: 360i cookie
11:48 AM: Quarantining All Traces: customer cookie
11:48 AM: Quarantining All Traces: ru4 cookie
11:48 AM: Quarantining All Traces: exitexchange cookie
11:48 AM: Quarantining All Traces: fastclick cookie
11:48 AM: Quarantining All Traces: clickandtrack cookie
11:48 AM: Quarantining All Traces: screensavers.com cookie
11:48 AM: Quarantining All Traces: kmpads cookie
11:48 AM: Quarantining All Traces: metareward.com cookie
11:48 AM: Quarantining All Traces: directtrack cookie
11:48 AM: Quarantining All Traces: touchclarity cookie
11:48 AM: Quarantining All Traces: partypoker cookie
11:48 AM: Quarantining All Traces: overture cookie
11:48 AM: Quarantining All Traces: pub cookie
11:48 AM: Quarantining All Traces: questionmarket cookie
11:48 AM: Quarantining All Traces: affiliatefuel.com cookie
11:48 AM: Quarantining All Traces: realmedia cookie
11:48 AM: Quarantining All Traces: rednova cookie
11:48 AM: Quarantining All Traces: reunion cookie
11:48 AM: Quarantining All Traces: servedby advertising cookie
11:48 AM: Quarantining All Traces: web-stat cookie
11:48 AM: Quarantining All Traces: servlet cookie
11:48 AM: Quarantining All Traces: starware.com cookie
11:48 AM: Quarantining All Traces: reliablestats cookie
11:48 AM: Quarantining All Traces: tickle cookie
11:48 AM: Quarantining All Traces: trafficmp cookie
11:48 AM: Quarantining All Traces: tribalfusion cookie
11:48 AM: Quarantining All Traces: coremetrics cookie
11:48 AM: Quarantining All Traces: videodome cookie
11:48 AM: Quarantining All Traces: 123count cookie
11:48 AM: Quarantining All Traces: burstbeacon cookie
11:48 AM: Quarantining All Traces: adserver cookie
11:48 AM: Quarantining All Traces: zedo cookie
11:48 AM: Quarantining All Traces: internetoptimizer
11:48 AM: Quarantining All Traces: exact cashback/bargain buddy
11:48 AM: Quarantining All Traces: exact software
11:48 AM: Quarantining All Traces: 180search assistant/zango
11:48 AM: Removal process completed. Elapsed time 00:00:25
********
11:20 AM: |··· Start of Session, Thursday, September 01, 2005 ···|
11:20 AM: Spy Sweeper started
11:21 AM: Updating spyware definitions
11:39 AM: Your spyware definitions have been updated.
11:40 AM: Updating spyware definitions
11:40 AM: Your definitions are up to date.
11:40 AM: |··· End of Session, Thursday, September 01, 2005 ···|


And here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:53:54 AM, on 9/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxext.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbts.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://mail.redwoodchapel.org/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rhbz2ldh.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {1028F737-81E7-452B-A860-E50CAD90A08C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP