View Full Version : heed help- about blank smitfraud removal
jakeby
14 Jul 2006, 10:21am
I have tried removing the about blank smitfraud manually and with AdwareAway but am still getting popups and about_blank homepage.
Any help greatly appreciated. Thanks
Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 18:14:40, on 13/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Russ\Desktop\hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118391862062
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37380.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Crunchie
14 Jul 2006, 12:57pm
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)
jakeby
15 Jul 2006, 6:35am
Thanks for the reply. Here's the Smitfraudfix log
SmitFraudFix v2.70
Scan done at 18:07:50.18, 14/07/2006
Run from C:\Documents and Settings\Russ\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Russ\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Russ\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Crunchie
15 Jul 2006, 6:46am
That revealed nothing :(. Try this please;
Please download and install ewido anti-spyware tool (http://www.ewido.net/en/product/) Close all other Applications Select language click Ok Click I Agree Click next Click Install Click Finish Wait and Ewido will open to the main screen automatically. Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen. This in very important to get updates When updating has finished. Close Ewido.If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. Next, please reboot your computer in Safe Mode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear use arrow up to highlight Select the first option, to run Windows in Safe Mode hit enter. For additional help in booting into Safe Mode, see the following site: HERE (http://www.pchell.com/support/safemode.shtml)
You MUST manage to get into Safe Mode for the fix to work.Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan! Open Ewido Click on scanner top of Ewido sceen Click on Settings Under How to Act click on Recommended Action choose Quarantine Under How to scan all boxes should be selected Under Possibly unwanted software all boxes should be selected On right side under Reports: click on Automatically generate report after every scan. Under What to scan select scan every file Click On scan Tab Click on Complete system scan Let the program scan the machine It can take awhile give it time. When scan has finished At bottom of screen click Apply all Actions Click Save report Click Save Report as (Save as window's screen should pop up.) Click desktop Click Save Exit ewidoReboot back to normal mode
Post the Ewido log please.
jakeby
17 Jul 2006, 10:56am
Thanks for the heads up on Ewido; log below.
It identified Trojan.IFrame and Downloader.Small, which none of my other anti-spyware programs had found. The popups have stopped although aboutblank keeps resetting itself as home page.
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:32:40 16/07/2006
+ Scan result:
C:\Program Files\minicliptoolbar\minicliptoolbar.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Application Data\Microsoft\Internet Explorer\Quick Launch\Block Checker.lnk -> Adware.BlockChecker : Cleaned with backup (quarantined).
C:\Downloads\AgeOfCastles_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\AgeOfCastles_Setup-dm[2].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Laura\Cookies\Laura@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\i81wpt66.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\i81wpt66.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Laura\Cookies\Laura@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\i81wpt66.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Laura\Cookies\Laura@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@e-2dj6wfkocjcjcaq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@e-2dj6wfkyqiajkgq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Local Settings\Temp\Cookies\lilie@e-2dj6wjkoqndjieo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Local Settings\Temp\Cookies\lilie@e-2dj6wjlykpd5obp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Local Settings\Temp\Cookies\lilie@e-2dj6wjmygpczmgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Local Settings\Temp\Cookies\lilie@e-2dj6wjmyogdjwgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@e-2dj6wfkigpdzebo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@e-2dj6wfkoujdpeho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@e-2dj6wflicodzeho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@e-2dj6wgmygicjmfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@e-2dj6wjkownazecp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@e-2dj6wjkyokdzelp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@e-2dj6wjl4kgczsap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@e-2dj6wjl4kidjgko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@e-2dj6wjl4wlc5kkq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@e-2dj6wjnyohc5kbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Local Settings\Temp\Cookies\lilie@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\i81wpt66.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\i81wpt66.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\i81wpt66.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\i81wpt66.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@ehg-nestleusainc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Laura\Cookies\Laura@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\New User\Application Data\Mozilla\Firefox\Profiles\mc07kqt6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\78xg7yiv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\ugtmkvmv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Lilie\Cookies\lilie@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\New User\Cookies\new user@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\25miv6gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Laura\My Documents\Lauras Work\Ryanair_com - The Low Fares Airline_files\Ryanair_com - The Low Fares Airline.htm -> Trojan.IFrame : Cleaned with backup (quarantined).
::Report end
Crunchie
17 Jul 2006, 11:05am
Download the Hoster. (http://www.funkytoad.com/download/hoster.zip)
Run it and press "Restore Original Hosts" and press "OK". Exit Program.
Note that if you have a custom host file, this will remove it. You can edit the host file with this program too.
==
Please post another hijackthis log when done.
jakeby
18 Jul 2006, 7:20am
Thanks for the help. Here's the new hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 18:42:18, on 17/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Russ\Desktop\hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118391862062
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37380.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Crunchie
18 Jul 2006, 10:18am
Log looks ok. How is your home page now? Can you set the homepage you want then click apply and have it stick?
jakeby
18 Jul 2006, 1:02pm
My home page is fine now. but there is still aboutblank on two other user accounts. I just realised I only ran SmitFraudFix on my user account, the other users must be infected and when they log on, reinfect the other users. I will run the smithfraud fix on all accounts.
Thanks for all your help
Crunchie
18 Jul 2006, 1:51pm
No worries. Smitfraud fix did not reveal that you were infected, so I would not run option #2 or you could lose your desktop! Run Ewido instead on each account.
vBulletin® v3.8.1, Copyright ©2000-2009, Jelsoft Enterprises Ltd.