PC running bad, bad, bad
Surtlab
Georgia
Just recently my PC started running slow and sluggish. Emails hang up while trying to read them, log off error...SUNKIST.NOTIFYICONDATA.HWMD... have to end now several times before log off. Screen saver freezes up, ctrl/alt/del takes me back to desktop (sometimes).
No new programs downloaded, (that i know of), just some music. I've ran all of my Ad-ware, spyware, virus (none found) but still having a problem. Fan on PC runs constantly (not normal) as if too many things are running.
Here is Hijack this log:.............. Just can't figure this one out.
SURTLAB
Logfile of HijackThis v1.99.1
Scan saved at 6:58:31 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
No new programs downloaded, (that i know of), just some music. I've ran all of my Ad-ware, spyware, virus (none found) but still having a problem. Fan on PC runs constantly (not normal) as if too many things are running.
Here is Hijack this log:.............. Just can't figure this one out.
SURTLAB
Logfile of HijackThis v1.99.1
Scan saved at 6:58:31 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
0
Comments
Put Hijackthis to its won folder; C:/Hijackthis/Hijackthis.exe This is importatnt for the backups!
Please download SmitfraudFix (by S!Ri)
Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Please, post fresh HijackThis log with Smitfradufix report to your next reply.
Here is the smitfraud report and under it a new hijack this log. I had to use the smitfraud fix once before (6months ago) but was having an adverstisement pop up to purchase anitvirus. I haven't had anything like that this time, just the "sunkist.notifyicondata.hwmd" and the pc running bad.
SmitFraudFix v2.163
Scan done at 10:23:15.84, Wed 04/04/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2acf3add-34a1-4f2f-99cf-cc69785d1e90}"="exemplars"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E338385D-5CBF-4517-968C-5CF9E0A5FB64}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E338385D-5CBF-4517-968C-5CF9E0A5FB64}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E338385D-5CBF-4517-968C-5CF9E0A5FB64}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E338385D-5CBF-4517-968C-5CF9E0A5FB64}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Hijack this new report:
Logfile of HijackThis v1.99.1
Scan saved at 10:26:11 AM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
==========================
Please visit Virustotal
- Click the Browse... button
- Navigate to the file ShowWnd.exe
- Click the Open button
- Click the Send button
- Copy and paste the results back here please.
==========================Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update succesfull message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
==========================
Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
Then close all windows except Hijackthis and click Fix Checked
==========================
- Go to Start > My Computer
- Go to Tools > Folder Options
- Click on the View tab
- Untick the following:
- Hide extensions for known file types
- Hide protected operating system files (Recommended)
- You will get a message warning you about showing protected operating system files, click Yes
- Make sure this option is selected:
- Show hidden files and folders
- Click Apply and then click OK
==========================Restart your computer to Safe Mode.
- 1. If the computer is running, shut down Windows, and then turn off the power.
==========================2. Wait 30 seconds, and then turn the computer on.
3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
4. Ensure that the Safe Mode option is selected.
5. Press Enter. The computer then begins to start in Safe Mode.
6. Login on your usual account.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Please post fresh Hijackthis log, Virustotal results and AVG report to your next reply.
Sorry and thanx,
I'm not even sure if what I did is what you are asking for. I will wait for your reply on the putting this into own folder before I proceed with other instructions and updates.
Then go to C:/ sector and under File and Foldet Tasks, click Make a new folder. A new folder is displayed with the default name, New Folder, selected.Type a name for the new folder (="Hijackthis"), and then press ENTER. Like this: C:/Hijackthis/
Double click that folder. When you are at that folder press Ctrl+V (Paste) and Hijackthis will be pasted over there.
Your HijackThis will be at here: C:/Hijackthis/HijackThis.exe
Then go on with my other instructions.
I'll post what I find out............
Logfile of HijackThis v1.99.1
Scan saved at 12:26:31 AM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
AVG Anti-Spyware - Scan Report
+ Created at: 12:11:51 AM 4/5/2007
+ Scan result:
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP612\A0084454.exe -> Adware.180Solutions : Ignored.
:mozilla.10:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.151:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.152:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.153:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.11:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.12:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.13:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.14:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.15:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.16:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.17:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.18:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.19:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.20:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.21:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.22:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.23:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.24:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.25:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.8:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.9:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.251:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.252:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.219:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.185:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.186:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.108:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.109:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.113:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.114:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.115:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.119:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.33:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.118:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.62:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.117:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.106:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.107:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.112:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.131:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.132:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.133:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.134:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.66:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.67:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.68:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.269:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.16:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.83:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.190:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.191:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.192:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.128:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.129:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.180:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.276:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.277:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.78:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.79:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.80:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.81:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.82:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.84:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.85:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.85:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.86:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.86:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.87:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.87:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.88:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.89:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.90:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.90:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.122:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.206:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.207:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.41:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.43:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.44:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.96:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.101:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.102:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.106:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.144:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.145:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zzna64ke.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zzna64ke.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zzna64ke.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zzna64ke.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.105:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.54:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.55:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.94:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.95:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.125:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.100:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.101:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.102:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.103:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.34:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.35:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.123:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.124:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.125:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.60:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.61:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.176:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.177:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.97:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zzna64ke.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zzna64ke.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.41:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.43:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.70:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.71:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.25:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.26:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.29:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.116:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.117:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.118:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.187:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.81:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.82:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.83:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.47:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.48:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.49:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.50:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.51:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.52:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.53:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.116:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.153:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.139:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.37:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Taylor Shelle\Application Data\Mozilla\Firefox\Profiles\go0fbbyq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.100:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.99:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\okr5ux8j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end
Clean system restore: INSTRUCTIONS
Otherwise your log are clean.
I decided to go to my system restore and it said I couldn't restore because nothing has been changed. For some reason, my system restore has never let me restore to any date. Not sure if this problem is related to spyware/virus, but sending a hijack this log anyway. I just want to find my stuff on the pc.
Logfile of HijackThis v1.99.1
Scan saved at 10:43:33 PM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe