Please help removing a trojan
Hello,
I installed photoshop and downloaded a "crack"... That was no crack. I have tried Norton Antivirus, Ad-Aware and Spyware Terminator.. still I get pop-ups frequently.
This is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 13:25:24, on 02.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\?icrosoft.NET\?ti2evxx.exe
C:\PROGRA~1\ICROSO~1.NET\javaw.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\WinRAR\WinRAR.exe
C:\DOCUME~1\roy\LOKALE~1\Temp\Rar$EX00.438\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123655657057
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programfiler\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programfiler\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programfiler\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Norsafe.local
O17 - HKLM\Software\..\Telephony: DomainName = Norsafe.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Norsafe.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Norsafe.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programfiler\Fellesfiler\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
Thanks for all help!
I installed photoshop and downloaded a "crack"... That was no crack. I have tried Norton Antivirus, Ad-Aware and Spyware Terminator.. still I get pop-ups frequently.
This is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 13:25:24, on 02.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\?icrosoft.NET\?ti2evxx.exe
C:\PROGRA~1\ICROSO~1.NET\javaw.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\WinRAR\WinRAR.exe
C:\DOCUME~1\roy\LOKALE~1\Temp\Rar$EX00.438\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123655657057
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programfiler\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programfiler\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programfiler\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Norsafe.local
O17 - HKLM\Software\..\Telephony: DomainName = Norsafe.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Norsafe.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Norsafe.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programfiler\Fellesfiler\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
Thanks for all help!
0
Comments
what is this domain = Norsafe.local? Please say, if you don't know
Please move HijackThis to own folder, otherwise HijackThis not to create backups. example C:\HijackThis\HijackThis.exe
Next, Rename HijackThis to Scanner and post new log.
Logfile of HijackThis v1.99.1
Scan saved at 15:36:52, on 02.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\?icrosoft.NET\?ti2evxx.exe
C:\PROGRA~1\ICROSO~1.NET\javaw.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programfiler\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\roy\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\roy\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\hijackthis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F0110FA-F936-B996-F8B2-0917CDE14009} - C:\WINDOWS\system32\ohvyyfj.dll (file missing)
O2 - BHO: (no name) - {46BAF947-13F3-1054-A341-67E348EBFFBA} - C:\WINDOWS\system32\pahjtqz.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\hjtrtulr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {A615B25D-AF01-455F-B1BD-2D41FF3EED49} - C:\WINDOWS\system32\awtst.dll
O2 - BHO: (no name) - {AD3902E1-CD3A-496A-B2B1-611131434C10} - C:\WINDOWS\system32\opnlljj.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123655657057
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programfiler\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programfiler\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programfiler\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Norsafe.local
O17 - HKLM\Software\..\Telephony: DomainName = Norsafe.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Norsafe.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Norsafe.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtst - C:\WINDOWS\system32\awtst.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: opnlljj - C:\WINDOWS\SYSTEM32\opnlljj.dll
O20 - Winlogon Notify: winqcp32 - C:\WINDOWS\SYSTEM32\winqcp32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programfiler\Fellesfiler\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
here is the VundoFix log:
VundoFix V6.3.19
Checking Java version...
Sun Java not detected
Scan started at 08:13:15 03.04.2007
Listing files found while scanning....
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\hjtrtulr.dll
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\opnlljj.dll
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\awtst.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnlljj.dll
C:\WINDOWS\system32\opnlljj.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\opnlljj.dll
C:\WINDOWS\system32\opnlljj.dll Has been deleted!
Performing Repairs to the registry.
Done!
... and here is the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 08:32:12, on 03.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F0110FA-F936-B996-F8B2-0917CDE14009} - C:\WINDOWS\system32\ohvyyfj.dll (file missing)
O2 - BHO: (no name) - {46BAF947-13F3-1054-A341-67E348EBFFBA} - C:\WINDOWS\system32\pahjtqz.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {AB041324-BA36-4EE9-BFF0-18082A7FDB02} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: (no name) - {AD3902E1-CD3A-496A-B2B1-611131434C10} - C:\WINDOWS\system32\opnlljj.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123655657057
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programfiler\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programfiler\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programfiler\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Norsafe.local
O17 - HKLM\Software\..\Telephony: DomainName = Norsafe.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Norsafe.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Norsafe.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winqcp32 - C:\WINDOWS\SYSTEM32\winqcp32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programfiler\Fellesfiler\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
I've just started my computer after doing the VundoFix, so I cannot be sure if it's gone yet. Will let you know after some hours. How does the log look? Is it ok?
-Roninc
Thanks so much for your help. I think it's brilliant to have web sites like this, where you help people, and for free! You're doing a great effort! Keep up the good work.
Cheers,
Roninc
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once the scan is complete, Right Click inside the listbox (white box) and click add more files
- Copy&Paste the entry below into the top box:
- C:\WINDOWS\system32\hjtrtulr.dll
- C:\WINDOWS\system32\pahjtqz.dll
- C:\WINDOWS\SYSTEM32\winqcp32.dll
- Click Add Files and Click Close Window
- Click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Open HijackThis, press do a system scan only, checkmark these lines:
O2 - BHO: (no name) - {1F0110FA-F936-B996-F8B2-0917CDE14009} - C:\WINDOWS\system32\ohvyyfj.dll (file missing)
O2 - BHO: (no name) - {AB041324-BA36-4EE9-BFF0-18082A7FDB02} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: (no name) - {AD3902E1-CD3A-496A-B2B1-611131434C10} - C:\WINDOWS\system32\opnlljj.dll (file missing)
Next, press Fix checked.
Post the contents of C:\vundofix.txt and a new HijackThis log.
here is the vundo log:
VundoFix V6.3.19
Checking Java version...
Sun Java not detected
Scan started at 16:00:20 03.04.2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
Attempting to delete C:\WINDOWS\system32\pahjtqz.dll
C:\WINDOWS\system32\pahjtqz.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\winqcp32.dll
C:\WINDOWS\SYSTEM32\winqcp32.dll Has been deleted!
Performing Repairs to the registry.
Done!
Here is the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 16:17:33, on 03.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46BAF947-13F3-1054-A341-67E348EBFFBA} - C:\WINDOWS\system32\pahjtqz.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123655657057
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programfiler\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programfiler\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programfiler\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Norsafe.local
O17 - HKLM\Software\..\Telephony: DomainName = Norsafe.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Norsafe.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Norsafe.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programfiler\Fellesfiler\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
Ok now?
Open HijackThis, press do a system scan only, checkmark these lines:
O2 - BHO: (no name) - {46BAF947-13F3-1054-A341-67E348EBFFBA} - C:\WINDOWS\system32\pahjtqz.dll (file missing)
Next, click Fix checked.
Please download AVG anti-spyware to your Desktop or to your usual Download Folder, from HERE
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update succesfull message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG.AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Don't run a scan yet.
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Once in Safe Mode:RUN AVG ANTI-SPYWARE
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Please post AVG Anti-Spyware report and a fresh HijackThis log
I couldn't do a complete scan, because it took too long time. This is my work-pc so I have to do a complete scan later.
One problem with the scan though, under Possibly unwanted software I am not sure if I got all ticked because I couldn't see all the options. I ticked the four first, but when I start in safe mode I get a screen resolution of 600x800, and there was no scroll bar...
Anyway, here's the log:
AVG Anti-Spyware - Scan Report
+ Created at: 08:58:22 04.04.2007
+ Scan result:
C:\Documents and Settings\roy\Lokale innstillinger\Temporary Internet Files\Content.IE5\SN2D6TA5\setar-101[1].0000 -> Adware.Yazzle : Cleaned with backup (quarantined).
C:\Documents and Settings\roy\Lokale innstillinger\Temporary Internet Files\Content.IE5\64Q5FVU0\!update-4395[1].0000 -> Downloader.PurityScan.ee : Cleaned with backup (quarantined).
C:\Documents and Settings\roy\Lokale innstillinger\Temporary Internet Files\Content.IE5\SN2D6TA5\WinAntiVirusPro2006FreeInstall_no[1].cab/UWA6PH_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
:mozilla.450:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\roy\Cookies\roy@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.168:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.261:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.262:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.213:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.123:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.124:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.216:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.217:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.21:C:\Documents and Settings\sko\Programdata\Mozilla\Firefox\Profiles\6xs2z4ls.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.22:C:\Documents and Settings\sko\Programdata\Mozilla\Firefox\Profiles\6xs2z4ls.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\roy\Cookies\roy@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.35:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.60:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.448:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.206:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.98:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.86:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Belstat : Cleaned.
:mozilla.87:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Belstat : Cleaned.
:mozilla.474:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.447:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.151:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.154:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.156:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.156:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.285:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.496:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.469:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.470:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.119:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.120:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.121:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.430:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.431:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@com[2].txt -> TrackingCookie.Com : Cleaned.
:mozilla.140:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.141:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.263:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.264:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\roy\Cookies\roy@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@www.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.23:C:\Documents and Settings\sko\Programdata\Mozilla\Firefox\Profiles\6xs2z4ls.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.273:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.40:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.69:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.342:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.478:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.144:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.89:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.90:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.91:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.92:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.379:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.380:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.355:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.356:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@hit.gemius[2].txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.170:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.173:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.174:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.205:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.315:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.316:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.357:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.358:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.367:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.368:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.369:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.391:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.392:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.399:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.404:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.420:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\roy\Cookies\roy@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.419:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.413:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Iinfo : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@k.iinfo[1].txt -> TrackingCookie.Iinfo : Cleaned.
:mozilla.11:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.12:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.33:C:\Documents and Settings\sko\Programdata\Mozilla\Firefox\Profiles\6xs2z4ls.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.73:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.74:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.189:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.90:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.226:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.227:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.302:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.426:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.436:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.437:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.438:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.48:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.49:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.50:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.51:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.52:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.398:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.130:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.131:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.27:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.252:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.296:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.8:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.209:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.211:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.212:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.215:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.226:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.227:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.360:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.363:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.440:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.442:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.452:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.455:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.282:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.283:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.204:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.205:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.264:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.243:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.244:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.245:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\roy\Cookies\roy@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.108:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.109:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.110:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.111:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.112:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.113:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.114:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.115:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.116:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.117:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.118:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\roy\Cookies\roy@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.262:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.128:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.129:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.132:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.133:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.63:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.64:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.65:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.66:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.276:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.277:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.393:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.232:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.233:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.234:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.235:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.326:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.327:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.328:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.329:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.330:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.334:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.335:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.348:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.349:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.179:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.163:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.164:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.165:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.166:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.167:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.223:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.224:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.225:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.231:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.238:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.13:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.17:C:\Documents and Settings\sko\Programdata\Mozilla\Firefox\Profiles\6xs2z4ls.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.18:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\bda\Lokale innstillinger\Temp\Cookies\bda@statistik-gallup[2].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\jto\Cookies\jto@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\roy\Cookies\roy@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\rwo\Cookies\rwo@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\tal\Cookies\tal@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\tal\Lokale innstillinger\Temp\Cookies\tal@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.146:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.147:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.150:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.152:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.153:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.155:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.130:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.29:C:\Documents and Settings\sko\Programdata\Mozilla\Firefox\Profiles\6xs2z4ls.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.30:C:\Documents and Settings\sko\Programdata\Mozilla\Firefox\Profiles\6xs2z4ls.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.64:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.65:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\roy\Cookies\roy@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.221:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.249:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.88:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.263:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.270:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.238:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.237:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.297:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.273:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.357:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\bda\Cookies\bda@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.454:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.458:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\roy\Cookies\roy@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\roy\Cookies\roy@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.134:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.135:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.136:C:\Documents and Settings\roy\Programdata\Mozilla\Firefox\Profiles\eq67zq16.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.187:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.188:C:\Documents and Settings\bda\Programdata\Mozilla\Firefox\Profiles\ph7gafer.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\roy\Lokale innstillinger\Temp\win439.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\roy\Lokale innstillinger\Temporary Internet Files\Content.IE5\SN2D6TA5\antzom[1].exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\roy\Lokale innstillinger\Temporary Internet Files\Content.IE5\YH7W6IYP\xc60[1].exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
::Report end
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 09:06:31, on 04.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123655657057
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programfiler\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programfiler\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programfiler\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Norsafe.local
O17 - HKLM\Software\..\Telephony: DomainName = Norsafe.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Norsafe.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Norsafe.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programfiler\Fellesfiler\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
Thanks,
Roninc
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
If you use Firefox browserUnder Main choose: Select All
Click the Empty Selected button.
- Click Firefox at the top and choose: Select All
If you use Opera browserClick the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- Click Opera at the top and choose: Select All
Click Exit on the Main menu to close the program.Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Update your java:
Please Update your Java and Remove old Java Versions
- Download the latest version of Java Runtime Environment (JRE) 6u1 .<== scroll down the list to find THIS entry
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Remove older Java Versions:- Close any programs you may have running - especially your web browser.
- Go to Start >> Control Panel double-click on Add/Remove Programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
Install latest Java Version:- From your desktop, double-click on jre-6-windows-i586.exe to install the newest version.
Post a fresh HijackThis log