[Solved] Lots of Trojans Please Help!
so I'm pretty sure that something I downloaded from LimeWire is responsible for this. I've tried to take care of it myself, and can't get it to go away. Any help you guys could give me would be awesome. I've run Spybot and Adaware many times. These trojans and all this spywear just keep coming back. Here's my HijackThis Logfile:
Logfile of HijackThis v1.99.1
Scan saved at 7:47:55 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\desktopx.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\msvcmm32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\winlog.exe
C:\mousepad.exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\system32\msvcmm32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [iuir] c:\stub_113_4_0_4_0.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinmrag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121103359740
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
Thanks so much!
Logfile of HijackThis v1.99.1
Scan saved at 7:47:55 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\desktopx.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\msvcmm32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\winlog.exe
C:\mousepad.exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\system32\msvcmm32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [iuir] c:\stub_113_4_0_4_0.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinmrag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121103359740
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
Thanks so much!
0
This discussion has been closed.
Comments
I see HijackThis is on your desktop. Could you put it into its own folder so that backups have a place to sit.
After doing that, continue below with the instructions. You may want to print them out.
==
Go into Add/Remove programs and uninstall the following, if found:
CU1
CU2
VCClient
==========
Run HiJackThis then:
1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
-
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\mousepad.exe
C:\keyboard.exe
C:\gimmysmileys.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain
=========
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [iuir] c:\stub_113_4_0_4_0.exe
- Close ALL open windows
Click Fix Checked
View hidden files and folders – explained here
Find and Delete the following, if found:
C:\keyboard.exe << this file
C:\mousepad.exe << this file
C:\gimmysmileys.exe << this file
c:\stub_113_4_0_4_0.exe << this file
C:\Program Files\Common Files\VCClient << this folder
==========
Reboot and post a new HJT log
Can you go here and in the box provided, paste the following one at a time. Then press SUBMIT
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\rwinmrag.exe
The files will be scanned by various Anti-Virus scanners. The results are listed under Scanner Results. Please post them here.
Logfile of HijackThis v1.99.1
Scan saved at 2:30:37 PM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\desktopx.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\msvcmm32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\HijackThis\HijackThis.exe
Logfile of HijackThis v1.99.1
Scan saved at 10:44:34 PM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\desktopx.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\msvcmm32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\system32\msvcmm32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinmrag.exe CORN001
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinmrag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121103359740
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
Please post the results for each file here.
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
(I turned the firewall off just in case, and got the same response.)
C:\WINDOWS\system32\rwinmrag.exe
AntiVir
Found Trojan/Dldr.Agent.DZ.2
ArcaVir
Found Adware.Zenosearch
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
http://www.ewido.net/en/download/
When installing the program, under "Additonal Options" uncheck..
- Install background guard
- Install scan via context menu
Once installed, update the definitions to the newest files. Do NOT run a scan yet.Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml
Once in Safe Mode, please run Ewido
(Do not use the computer while Ewido is scanning)
- Click on scanner
- Click Complete System Scan and the scan will begin.
- NOTE: During some scans with ewido it is finding cases of false positives.
- You will need to step through the process of cleaning files one-by-one.
- If ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select "Perform action on all infections"
- If you are unsure of any entry found select none for now.
- When the scan is finished, click the Save report button at the bottom of the screen.
- Save the report to your desktop
Close EwidoRestart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
Logfile of HijackThis v1.99.1
Scan saved at 4:48:54 AM, on 3/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\desktopx.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\msvcmm32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\system32\msvcmm32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinmrag.exe CORN001
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinmrag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121103359740
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
I don't exactly know how to decifer these, but pretty much everything looks like it should be there. Thanks again so much for your help Trogan!
Scan result:
C:\Program Files\outlook\outlook.exe -> Worm.VB.dw : Ignored
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Ignored
HKU\S-1-5-21-1482476501-1563985344-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.408:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.409:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.416:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.456:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.470:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.491:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.492:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.493:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.518:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.519:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.520:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.521:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.522:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.523:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.528:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.529:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.532:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.570:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.571:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.572:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.580:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.582:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.590:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\9uqsbxzq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@free.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\5N3BTLKM\winsysupd12[1].exe -> Hijacker.StartPage.aib : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\5N3BTLKM\ZICORN001[1].exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\ON532EZH\gimmygames12[1].exe -> Downloader.Adload.v : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\ON532EZH\keyboard[1].exe -> Downloader.VB.xv : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\Q9HINE5G\gimmysmileys[1].exe -> Downloader.VB.xu : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\Q9HINE5G\visfx500[2].exe -> Dropper.Agent.aie : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\Q9HINE5G\winsysban12[1].exe -> Hijacker.VB.li : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\VUG73DCL\aebcq9z5w[1].exe -> Downloader.Agent.afi : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\VUG73DCL\drsmartload[2].exe -> Downloader.Adload.u : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\VUG73DCL\mousepad[1].exe -> Hijacker.VB.li : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\VUG73DCL\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\f9ezcvba.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\offun.exe -> Downloader.VB.nw : Cleaned with backup
C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\qldsregq.exe -> Adware.ZenoSearch : Cleaned with backup
:mozilla.8:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.11:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.12:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.13:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.14:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.15:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.16:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.21:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.24:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.25:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.26:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.29:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.30:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.47:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dahe2r81.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.16:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.17:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.18:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.19:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.20:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.23:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.26:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.28:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.29:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.31:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.33:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.41:D:\Documents and Settings\SaraDoo\Application
:mozilla.42:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.43:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.44:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.45:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.46:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.47:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.48:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.49:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.50:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.51:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.52:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.53:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.54:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.55:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.56:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.57:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.58:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.62:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.70:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.71:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.72:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.73:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.88:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.89:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.90:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.91:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.92:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.93:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.95:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.96:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.105:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.112:D:\Documents and Settings\SaraDoo\Application Data\Mozilla\Firefox\Profiles\kk7ugk9c.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
D:\Program Files\NewDotNet\newdotnet6_38.dll -> Adware.NewDotNet : Cleaned with backup
D:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
D:\RECYCLER\NPROTECT\00009595.TXT -> TrackingCookie.Atdmt : Cleaned with backup
D:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
D:\WINDOWS\system32\Ruyrpd.exe -> Adware.DealHelper : Cleaned with backup
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 11:38:59 AM, on 3/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\desktopx.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\msvcmm32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\system32\msvcmm32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinmrag.exe CORN001
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinmrag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121103359740
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
Remove the following with HJT
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinmrag.exe
NEXT
View hidden files and folders – explained here
THEN
Find and Delete the following, if found:
C:\WINDOWS\system32\rwinmrag.exe << this file
==========
Reboot and post a new HJT log.
Let me know how things are.
Logfile of HijackThis v1.99.1
Scan saved at 4:43:29 PM, on 3/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\desktopx.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\system32\msvcmm32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinmrag.exe CORN001
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121103359740
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
Thanks again for all your help man! I really appreciate it!
What errors did you get?
Can we mark this resolved?
Now that your PC is clean you need to follow these easy steps to keeping it this way:
Secure your Internet Explorer by going here and following the instructions there.
Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.
Use a firewall to help prevent your PC's control being usurped by undesireables. If you don't have a Firewall, then choose ONE below
Zone Alarm
Sygate
Sunbelt Kerio PF
Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often. If you don't have one, choose ONE from below.
Nod32
AVG Free Edition
AntiVir
avast! 4 Home Edition
Install and keep updated, Ad-Aware SE, and Spybot Search & Destroy.
Run them both on a regular basis, following the manufacturer's recommendations.
Install and keep updated, SpywareBlaster and SpywareGuard
Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
Read the article So How Did I get Infected In The First Place
Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.
Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.
Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.
Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)
C:\Documents and Settings\username\Local Settings\Temp\
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Empty the Recycle Bin.
For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.
Go to Start | Run | type msconfig | Press Enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot! Go back in and Turn System Restore Back on. A new Restore Point will be created.
Note that all previous restore points will be lost.
===============
If you have any more problems, post back.
Please consider joining the Folding@Home Project
Join our Folding@Home team! Alzheimer's, Parkinson's, cancer... we're trying to cure them with our computers! You've at least read a little about it in the greeting I sent you when you signed up for the site. We're always really pleased to greet new members to the team, and it's a quick way to become an appreciated member of the community.
MORE INFO: READ THIS
I'l mark this resolved. If you need help again, just start a new thread.