Need help again with Spyware [resolved]
Hi again, last time Jmoney helped me with my spyware issues and I was hoping he could again. Sent him a PM and hopefully he'll reply here.
I've located some information on the spyware that is newly infecting my computer and I've used XoftSpy (Anti Spyware program) to locate it. It requires registration and a $50 fee to delete such spyware. I wasn't willing to pay such money.
But anyway here is the list of spyware names it found:
Out of 180472 items, 75 objects were found. These include:
Spy Bouncer
WhenU.SaveNow
FileSpy
IEPlugin
Lop.com
Media Motor
New Dial
SafeguardProtect
Sfonditalia
Vacpro dialer
247realmedia cookie
2o7.net Cookie
yieldmanager cookie
specificclick cookie
adrevolver cookie
addynamix cookie
pointroll cookie
real cookie
adserv cookie
apmebf cookie
falkag cookie
bluestreak cookie
bravenet cookie
cgi-bin cookie
bridgetrack cookie
edge.ru4 cookie
entrepreneur cookie
humanclick cookie
Top-Banners Cookie
overture cookie
qksrv cookie
questionmarket cookie
revenue cookie
adjuggler cookie
server.iad.liveperson cookie
statcounter cookie
DriveCleaner Cookie
trafficmp cookie
ppctracking cookie
seeq cookie
zedo cookie
EUniverse
MyWay SpeedBar
I've run the spyware that I've been using since my last post. And I also use ZoneAlarm since our last talk.
Not so many of these spyware programs were noticeable but I have received pop-ups to "clean the software out" in which case I closed them as I thought it was just more spyware wanting to install. These programs would include SystemDoctor and others.
Hope Jmoney or someone replies soon. Thanks!
HJT below
Logfile of HijackThis v1.99.1
Scan saved at 8:45:32 PM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\cba\pds.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\WinEQ2\WinEQ2.exe
C:\Program Files\Hijackthis\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_7563.dll"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [btprlwqA] C:\WINDOWS\btprlwqA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_7563.dll"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [greatnew] C:\DOCUME~1\Shawn\APPLIC~1\ACIDCO~1\Batskip.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?3e34eebd75324ca0bccca6f1bd359bc3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?3e34eebd75324ca0bccca6f1bd359bc3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
This discussion has been closed.
Comments
http://66.220.17.157/help.html
==
Scan with HijackThis and then place a check next to all the following, if present:
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_7563.dll"
O4 - HKLM\..\Run: [btprlwqA] C:\WINDOWS\btprlwqA.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_7563.dll"
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (file missing)
O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:
files...
C:\WINDOWS\system32\sfg_7563.dll
C:\WINDOWS\btprlwqA.exe
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear.
- Select the first option to run Windows in Safe Mode and hit Enter.
-
Reboot.
===============
To help protect your system from hostile ActiveX content, or special 'downloadable' files:
Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:
1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.
-
Note: Remember to regularly check for updates.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
Scan saved at 11:15:16 AM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\cba\pds.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\WgaTray.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [greatnew] C:\DOCUME~1\Shawn\APPLIC~1\ACIDCO~1\Batskip.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?3e34eebd75324ca0bccca6f1bd359bc3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?3e34eebd75324ca0bccca6f1bd359bc3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
I couldn't find any of those programs in the Add/Remove Programs list. I ran the program at Lop.com (the uninstaller) but I didn't see it do anything. I also could not find the two files you asked me to delete.
Similar files by the names of:
stg_7d54.dll
bdoscandel.exe
were found though - however I didn't touch them as you didn't list them.
My computer is still having a slow start up. BUT! and this is HUGE. The excessive desktop clicking has ceased!!! This clicking would also disable programs that I was running; it is now over ever since SpywareBlaster was installed. Thanks so much. I'll run some other spyware programs to make sure nothing bad is active.
:celebrate
ewido anti-spyware - Scan Report
+ Created at: 12:24:40 PM 11/1/2006
+ Scan result:
C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla\Firefox\Profiles\d78eio0b.default\Cache\DAF1E752d01 -> Adware.DriveCleaner : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temp\rl1pq1ow.exe -> Adware.DriveCleaner : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\Cache\74D60E4Fd01 -> Adware.Lop : No action taken.
C:\RECYCLER\S-1-5-21-1482476501-725345543-682003330-1003\Dc13.exe -> Adware.Lop : No action taken.
C:\RECYCLER\S-1-5-21-1482476501-725345543-682003330-1003\Dc14.exe -> Adware.Lop : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\7017NO5B\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\7017NO5B\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\7017NO5B\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\7017NO5B\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\7017NO5B\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\7017NO5B\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\7017NO5B\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\7017NO5B\popup[8].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\7017NO5B\popup[9].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\EDY2M7OG\popup[10].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\EDY2M7OG\popup[11].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\EDY2M7OG\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\EDY2M7OG\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\EDY2M7OG\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\EDY2M7OG\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\EDY2M7OG\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\EDY2M7OG\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\EDY2M7OG\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\EDY2M7OG\popup[8].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\EDY2M7OG\popup[9].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\FNRMTND5\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\FNRMTND5\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\FNRMTND5\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\FNRMTND5\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\FNRMTND5\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\FNRMTND5\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\FNRMTND5\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\FNRMTND5\popup[8].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[10].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[11].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[12].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[13].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[14].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[15].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[8].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Shawn\Local Settings\Temporary Internet Files\Content.IE5\MME4IX5Y\popup[9].htm -> Hijacker.Agent.a : No action taken.
C:\Program Files\Messenger\pojyhi.html -> Hijacker.Small.jf : No action taken.
C:\Program Files\Windows Media Player\ryle.html -> Hijacker.Small.jf : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.443:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.444:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.445:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.446:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.673:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.674:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.107:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d78eio0b.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.86:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d78eio0b.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.110:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.111:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.112:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.113:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.114:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.702:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
:mozilla.533:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.534:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@banners.searchingbooth[2].txt -> TrackingCookie.Searchingbooth : No action taken.
:mozilla.167:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.168:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.169:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.170:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.171:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.172:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.137:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.138:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.139:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.140:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.141:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.142:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.143:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.144:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.145:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.146:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.147:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.148:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.149:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.150:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.151:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.152:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.153:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.154:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.155:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.156:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.157:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.158:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.159:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.160:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.161:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.162:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.163:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.164:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.165:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.166:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.79:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sextracker : No action taken.
:mozilla.80:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@h.starware[2].txt -> TrackingCookie.Starware : No action taken.
:mozilla.333:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.334:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.335:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.336:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.337:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.338:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.339:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.340:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.341:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.342:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.343:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.348:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.352:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.71:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d78eio0b.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.389:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.390:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.252:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.253:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.254:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@media.top-banners[1].txt -> TrackingCookie.Top-banners : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.720:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Trafic : No action taken.
:mozilla.40:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d78eio0b.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.65:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.66:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.67:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.68:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.787:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.664:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.665:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.666:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.667:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.692:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.693:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.694:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.695:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.696:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@pmads.valuead[1].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@reduxads.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
:mozilla.430:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.754:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.755:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.249:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.250:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.251:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.60:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d78eio0b.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.61:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d78eio0b.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.62:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d78eio0b.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.347:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.350:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.354:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.57:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d78eio0b.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.58:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d78eio0b.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.59:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d78eio0b.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Shawn\Cookies\shawn@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
::Report end
On another note the clicking desktop is gone!!!!! /rejoice!
Download and install AVG antispyware tool
- Close all other applications. Select language, click OK
- Click I Agree
- Click next
- Click Install
- Click Finish
- Wait and AVG antispyware will open to the main screen automatically.
- Wait again a few minutes and AVG antispyware should auto-update itself. If it doesn't, click Update at top of screen.
- This is very important to get updates
- When updating has finished. Close AVG antispyware.
If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear. Use arrow up to highlight
- Select the first option, to run Windows in Safe Mode, and hit Enter.
- For additional help in booting into Safe Mode, see the following site: HERE
Make sure to close all open windows/programs/folders. Have nothing else open while AVG antispyware performs its scan! You MUST manage to get into Safe Mode for the fix to work.
- Open AVG antispyware.
- Click on scanner at top of AVG antispyware screen.
- Click on Settings.
- Under How to Act click on Recommended Action and choose Quarantine.
- Under How to scan all boxes should be selected.
- Under Possibly unwanted software all boxes should be selected.
- On right side under Reports: click on Automatically generate report after every scan.
- Under What to scan select scan every file.
- Click On scan Tab.
- Click on Complete system scan.
- Let the program scan the machine. It can take a while; give it time.
- When scan has finished at bottom of screen click Apply all Actions.
- Click Save report
- Click Save Report as (Save as window's screen should pop up.)
- Click desktop.
- Click Save.
- Exit AVG antispyware.
Reboot back to normal mode. Post the log here.
AVG Anti-Spyware - Scan Report
+ Created at: 2:13:55 PM 11/2/2006
+ Scan result:
:mozilla.31:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.30:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.32:C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\u9u6n4yl.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 2:28:46 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [greatnew] C:\DOCUME~1\Shawn\APPLIC~1\ACIDCO~1\Batskip.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?3e34eebd75324ca0bccca6f1bd359bc3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?3e34eebd75324ca0bccca6f1bd359bc3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Did what you said - uninstalled old AVG - installed new and updated it - did the quarantine and ran a scan in safe mode. Oddly it only found 3 infections but I guess that's good! HTJ log posted as well.
==
Can you please do the following.
===============
Scan with HijackThis and then place a check next to all the following, if present:
O4 - HKCU\..\Run: [greatnew] C:\DOCUME~1\Shawn\APPLIC~1\ACIDCO~1\Batskip.exe
Now, close all instances of Internet Explorer and any other windows you have open except HijackThis, then click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:
folder...
C:\DOCUME~1\Shawn\APPLIC~1\ACIDCO~1
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear.
- Select the first option to run Windows in Safe Mode and hit Enter.
Reboot.
===============
After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.
Scan saved at 10:09:06 AM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?3e34eebd75324ca0bccca6f1bd359bc3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?3e34eebd75324ca0bccca6f1bd359bc3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Could not find the file - I do have hidden files enabled - and did a search for it with no luck either. I'm going to run the Ewido scan again even though I did everything you listed, it would seem you're right that 3 infections is good... too good.
Download CCleaner and install, then run it. It will clear out your temp folders.
Secure your Internet Explorer by going here and following the instructions there.
Better yet, use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera, which in my opinion is better still.
Use a firewall to help prevent your PC's control being usurped by undesirables. There is a link to a good, free firewall in my signature.
Install and keep updated AVG Anti-Spyware, Ad-Aware SE and Spybot S&D.
Run them all on a regular basis, following the maker's recommendations.
Install an anti-virus. There are some good, free AVs available today. Make sure that it is updated regularly and have it scan your system often.
Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
Flush the XP system Restore Points.
Go to Start>Run and type msconfig. Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
Note that all previous restore points will be lost.
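
The check the helper does by eye on the HijackThis logs in this thread, sketched in Python as an added example (not part of any post and not HijackThis code): it flags Run-key autoruns launched from per-user data folders, like the `greatnew` entry, plus `(file missing)` and `Unknown owner` entries, and lists Run value names so a log taken before a fix can be compared with one taken after. The sample lines are copied from this thread; the heuristics and function names are assumptions of the example.

```python
import re

# Sample lines copied from the logs and instructions in this thread (not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [greatnew] C:\DOCUME~1\Shawn\APPLIC~1\ACIDCO~1\Batskip.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - ..." or "F2 - ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: "HKCU\..\Run: [value name] command line"
RUN = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Per-user data folders in long or 8.3 short form (heuristic assumed for this example).
USER_DATA = re.compile(r"\\(?:Application Data|APPLIC~\d|Local Settings|LOCALS~\d|Temp)\\", re.I)


def parse(log):
    """Yield (code, body) for each entry line; header and process-list lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]


def triage(log):
    """Return (reason, code, body) tuples for entries worth a manual look.

    These are hints for a human reviewer, not verdicts: "file missing" and
    "Unknown owner" also appear on leftovers from legitimate software.
    """
    findings = []
    for code, body in parse(log):
        run = RUN.match(body) if code == "O4" else None
        if run and USER_DATA.search(run["cmd"]):
            findings.append(("autorun from user data dir", code, body))
        if body.endswith("(file missing)"):
            findings.append(("target file missing", code, body))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(("service without vendor info", code, body))
    return findings


def run_names(log):
    """Names of all O4 Run-key values, for comparing logs before and after a fix."""
    return {m["name"] for c, b in parse(log) if c == "O4" and (m := RUN.match(b))}


if __name__ == "__main__":
    for reason, code, body in triage(SAMPLE_LOG):
        print(f"{reason:28} {code:4} {body}")
```

Comparing `run_names()` on the log taken before a fix with the one taken after shows whether a flagged value is still present before anyone goes looking for its folder on disk.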