Found Java/ByteVerify!exploit & Java/Shinwow.AB on computer

adreyn · 09-05-2006, 12:35 PM

I just finished cleaning up my sister's computer and decided that I should run scans on mine. Norton Antivirus shows no infections, however etrust anitvirus and panda activescan show infections. Don't want to mess things up by just deleting files. Here is my HI Jack this log and the logs from the two virus scanners.

Logfile of HijackThis v1.99.1
Scan saved at 11:26:50 AM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Common Files\AOL\1147241512\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1147241512\ee\AOLServiceHost.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\MSAC-FD1\MSSTAT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donny.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoogroups.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s6rh4b5l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s6rh4b5l.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB002" /M "PictureMate"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB003" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147241512\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Memory Stick Monitor.lnk = ?
O4 - Global Startup: SB StartCenter.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

eTrust Antivirus Web Scanner

Scan Results: 170873 files scanned. 4 viruses were detected.

File Infection Status Path
ar3.jar-5ef20017-3d2ca717.zip>Gummy.class Java/ByteVerify!exploit
cannot cure C:\Documents and Settings\Guest\.jpi_cache\jar\1.0\
ar3.jar-5ef20017-3d2ca717.zip>Beyond.class Java/Shinwow.AB
cannot cure C:\Documents and Settings\Guest\.jpi_cache\jar\1.0\
ar3.jar-77402a30-5cbbaf80.zip>Gummy.class Java/ByteVerify!exploit
cannot cure C:\Documents and Settings\Guest\.jpi_cache\jar\1.0\
ar3.jar-77402a30-5cbbaf80.zip>Beyond.class Java/Shinwow.AB
cannot cure C:\Documents and Settings\Guest\.jpi_cache\jar\1.0\

Active Scan
Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected c:\winnt\system32\f3PSSavr.scr
Adware:adware/gator Not disinfected c:\winnt\GatorPatch.log
Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\clsid\{00A6FAF6-072E-44cf-8957-5838F569A31D}
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Guest\.jpi_cache\jar\1.0\ar3.jar-5ef20017-3d2ca717.zip[Gummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Guest\.jpi_cache\jar\1.0\ar3.jar-77402a30-5cbbaf80.zip[Gummy.class]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt[.centrport.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt[c5.zedo.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Guest\Cookies\guest@abetterinternet[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ads.gorillanation[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atwola[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Guest\Cookies\guest@c.enhance[1].txt
Spyware:Cookie/Centralmedia Not disinfected C:\Documents and Settings\Guest\Cookies\guest@centralmedia[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Guest\Cookies\guest@cgi-bin[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Guest\Cookies\guest@com[2].txt
Spyware:Cookie/Sexsuche Not disinfected C:\Documents and Settings\Guest\Cookies\guest@counter.sexsuche[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Guest\Cookies\guest@did-it[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ehg-dig.hitbox[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Guest\Cookies\guest@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Guest\Cookies\guest@go[2].txt
Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\Guest\Cookies\guest@linkexchange[1].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Guest\Cookies\guest@pop.mircx[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Guest\Cookies\guest@rn11[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Guest\Cookies\guest@searchportal.information[2].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Guest\Cookies\guest@smni[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Guest\Cookies\guest@target[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Guest\Cookies\guest@toplist[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Guest\Cookies\guest@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Guest\Cookies\guest@www.myaffiliateprogram[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Guest\Cookies\guest@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Guest\Cookies\guest@xiti[1].txt
Thanks for the help.
Adrienne

adreyn · 09-05-2006, 12:36 PM

Oops, forgot to add that I've been having IE crashes every now and then.
Thanks again!

**Pancake** · 09-05-2006, 06:30 PM

Hi and welcome....

Clear the Java Runtime Environment (JRE) cache:

Click Start > Control Panel.

Double-click the Java icon in the control panel.
-The Java Control Panel appears.

Click Settings under Temporary Internet Files.
-The Temporary Files Settings dialog box appears.

Click Delete Files.
-The Delete Temporary Files dialog box appears.
-There are three options on this window to clear the cache.

Delete Files

View Applications

View Applets

Click OK on Delete Temporary Files window.
-Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window.

Close the Java Control Panel

Download and scan with Ewido Anti-Spyware v4.0
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\ewido anti-spyware 4.0, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on ewdio in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc

Press "OK".
Click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
When you find the guard service, double-click on it.
In the Properties Window > General Tab that opens, click the "Stop" button.
From the drop-down menu next to "Startup Type", click on "Manual".
Now click "Apply", then "OK" and close the Services window.

9. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.

Once the updates are installed do the following:
1. Click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
Under "How to Scan?" check all (default).
Under "Possibly unwanted software" check all (default).
Under "What to Scan?" make sure "Scan every file" is selected (default).
Under "Reports" select "Automatically generate report after every scan and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\ewido anti-spyware 4.0\Reports\
6. Exit Ewido when done and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while Ewido is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper Ewido's ability to clean properly and may result in reinfection.

Note: If Ewido "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.

adreyn · 09-06-2006, 11:18 PM

Hi!
Ok, I get as far as Java control panel, then I'm lost from there. There are several tabs to chose from Basic, Advanced, Browser, Proxies, Cache, Certificates, about. I have searched through all the tabs and figure cache is the closest that I'm going to get to the temporary internet files. However, I don't get the delete files, view applications or view applets. Instead, I have apply and reset or up at the top are the buttons view files in cache and clear cache. Am I completely in the wrong place here?
Thanks

**Pancake** · 09-07-2006, 01:32 AM

Go for clear the cache.

adreyn · 09-07-2006, 11:19 AM

Here is the scan from Ewido. I also found a damaged file while I was looking through other files, I wonder if this would have anything to do with the IE crashes as well. This is what I found:

Downloaded Program Files
Type=Active X Control
Created=10/9/2001
Total Size=4KB
ID={9F1C11AA-197B-4942-BA54-47A8489BB47F}
Status=Damaged
Code Base=http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37685.9172916667

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:08:12 AM 9/7/2006

+ Scan result:

C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc1432.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc1434.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@ge.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@snapfish.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@snapfish.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc704.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc860.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc719.txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@adorigin[1].txt -> TrackingCookie.Adorigin : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@ads10.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@ads18.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.626:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.627:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.628:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.629:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.630:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.631:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.632:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.633:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.634:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.635:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.636:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.637:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.638:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.639:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.640:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.641:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.642:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.643:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.644:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.645:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.646:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.647:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.648:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.649:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.650:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.651:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.652:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.653:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.654:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.655:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.656:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.657:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.658:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.659:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.660:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.661:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.662:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.663:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.664:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.665:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.666:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.667:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.668:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.669:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.670:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.671:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.672:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.673:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.674:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.675:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.676:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.677:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.678:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.679:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.680:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.681:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.682:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.683:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.684:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.685:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.686:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.687:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.688:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.689:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.690:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.691:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.692:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.693:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.694:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.695:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.696:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@a-1shz2prbmdj6wvny-1sez2pra2dj6wflisnczadpg-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjk4kgd5mlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiohd5oaogqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4cpazidowidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoqpc5gepqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoulcjidqqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyqicjgepa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyqod5icpgudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlywmajshogsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiqicjwkpwmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycgc5wdpwudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyoid5abpg6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4kkdjmfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4sjazsgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkialajwkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkiwnc5kkp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkocodpkfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfl4skd5mlo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflikjc5eho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmiahajwcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmicidzsfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgk4qld5oap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgk4qmc5map.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkyoiczcdq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wglicpdjkko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgmiagajebp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6whliaodjkfo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6whliapajwaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4gpcpago.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4ogcjgco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4ojdpaap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4wnczseq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoqlazidp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkouhczelq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkycocpkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyglc5klp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4qpdjwgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlioidzkaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjliqhc5gep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjliskajecq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlispczwkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjliwlcjilp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlocndjceq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjloopczwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyokcjifo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmiagcjolo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmiwhcjkdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmyalcpmco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1gdzca.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyspazkco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wfl4chdjkgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wgkoeldjolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjliencjmgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjliwlcjilp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjmyandpedo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjny-1ocpid.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjny-1oczaa.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc710.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc711.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc712.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc713.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc714.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc715.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc748.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc749.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc750.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc751.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc752.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc753.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc754.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc755.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc756.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc757.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc758.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc759.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc760.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc761.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc762.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc763.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc764.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc765.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc766.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc767.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc768.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc769.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc770.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc771.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc772.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc773.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc774.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc775.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc776.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc777.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc778.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc779.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc780.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc781.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc782.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc783.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc784.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc785.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc786.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc787.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc788.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc789.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc790.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc791.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc792.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc793.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc794.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc795.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc796.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc797.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc798.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc799.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc800.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc801.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc802.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc803.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc804.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc805.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc806.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc807.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc808.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc809.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc810.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc811.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc812.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc813.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc814.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc815.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc816.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc817.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc818.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc819.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc820.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc821.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc822.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc823.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc824.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc825.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc826.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc827.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc828.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc900.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc971.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc972.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc973.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc974.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc975.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc976.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc977.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc978.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc979.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc980.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc981.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc982.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc983.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc984.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc1050.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc887.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Popupsponsor : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Specificpop : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc907.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc1079.txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc854.txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s6rh4b5l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s6rh4b5l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s6rh4b5l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s6rh4b5l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Trafficvenue : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.606:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.607:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.608:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc1017.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3095290957-2800509490-2976036365-1003\Dc718.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.705:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\62mk3fi5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).

::Report end

Thanks!
Adrienne :)

**Pancake** · 09-07-2006, 06:07 PM

Its an ActiveX update file that appears to be damaged.It maybe that you will need to reinstall ActiveX.As I am not familiar with this file I suggest you seek help from another part of the forum on that..

adreyn · 09-09-2006, 09:23 PM

Ok, I'll post about the active x elsewhere. HOw about the virus stuff is that solved?
Thanks!

**Pancake** · 09-09-2006, 09:41 PM

Will you post one more log so i can check please...

adreyn · 09-09-2006, 10:20 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:18:51 PM, on 9/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Common Files\AOL\1147241512\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1147241512\ee\AOLServiceHost.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\MSAC-FD1\MSSTAT.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donny.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoogroups.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s6rh4b5l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s6rh4b5l.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB002" /M "PictureMate"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB003" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147241512\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Memory Stick Monitor.lnk = ?
O4 - Global Startup: SB StartCenter.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

**Pancake** · 09-09-2006, 10:26 PM

Yes that all fine.No malware.All clean

adreyn · 09-09-2006, 10:29 PM

Great! Thanks for your help.
Adrienne :)

adreyn · 09-09-2006, 10:39 PM

Ok, one more thing. I'm posting this from the IE forum:

This ActiveX was installed in your pc back in 2004, when the Windows Update site performed an update. What happened back then is described in The Windows Update Web site indicates that your Windows Update software has to be updated. I believe you can safely disable it from IE > Tools > Manage Add-ons (although I don't think it'll show in the loaded ActiveX's). You can give Pancake the info I told you here, so that in your HJT log thread he guides you on how to discard of this ActiveX via HiJack This

Is there more I should do with it?
Thanks

09-05-2006, 12:35 PM	#1 (permalink)
adreyn Registered User Join Date: Jan 2005 Posts: 61 OS: windows Vista Sp1	Found Java/ByteVerify!exploit & Java/Shinwow.AB on computer I just finished cleaning up my sister's computer and decided that I should run scans on mine. Norton Antivirus shows no infections, however etrust anitvirus and panda activescan show infections. Don't want to mess things up by just deleting files. Here is my HI Jack this log and the logs from the two virus scanners. Logfile of HijackThis v1.99.1 Scan saved at 11:26:50 AM, on 9/5/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINNT\System32\CTsvcCDA.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\wanmpsvc.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\SK9910DM.EXE C:\WINNT\system32\devldr32.exe C:\WINNT\GWMDMMSG.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\PhoneTools\CapFax.EXE C:\Program Files\Winamp\Winampa.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\Common Files\AOL\1147241512\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1147241512\ee\AOLServiceHost.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Program Files\MSAC-FD1\MSSTAT.EXE C:\Program Files\Messenger\msmsgs.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donny.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoogroups.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s6rh4b5l.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s6rh4b5l.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check" O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB002" /M "PictureMate" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB003" /M "Stylus Photo R300" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147241512\ee\AOLHostManager.exe O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - Global Startup: Image Transfer.lnk = ? O4 - Global Startup: Memory Stick Monitor.lnk = ? O4 - Global Startup: SB StartCenter.lnk = ? O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe eTrust Antivirus Web Scanner Scan Results: 170873 files scanned. 4 viruses were detected. File Infection Status Path ar3.jar-5ef20017-3d2ca717.zip>Gummy.class Java/ByteVerify!exploit cannot cure C:\Documents and Settings\Guest\.jpi_cache\jar\1.0\ ar3.jar-5ef20017-3d2ca717.zip>Beyond.class Java/Shinwow.AB cannot cure C:\Documents and Settings\Guest\.jpi_cache\jar\1.0\ ar3.jar-77402a30-5cbbaf80.zip>Gummy.class Java/ByteVerify!exploit cannot cure C:\Documents and Settings\Guest\.jpi_cache\jar\1.0\ ar3.jar-77402a30-5cbbaf80.zip>Beyond.class Java/Shinwow.AB cannot cure C:\Documents and Settings\Guest\.jpi_cache\jar\1.0\ Active Scan Incident Status Location Potentially unwanted tool:application/mywebsearch Not disinfected c:\winnt\system32\f3PSSavr.scr Adware:adware/gator Not disinfected c:\winnt\GatorPatch.log Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\clsid\{00A6FAF6-072E-44cf-8957-5838F569A31D} Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Guest\.jpi_cache\jar\1.0\ar3.jar-5ef20017-3d2ca717.zip[Gummy.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Guest\.jpi_cache\jar\1.0\ar3.jar-77402a30-5cbbaf80.zip[Gummy.class] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt[.2o7.net/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt[.atwola.com/] Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt[.centrport.net/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt[.zedo.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\4wca4f12.slt\cookies.txt[c5.zedo.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Guest\Cookies\guest@abetterinternet[1].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ads.gorillanation[1].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atwola[2].txt Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Guest\Cookies\guest@c.enhance[1].txt Spyware:Cookie/Centralmedia Not disinfected C:\Documents and Settings\Guest\Cookies\guest@centralmedia[1].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Guest\Cookies\guest@cgi-bin[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Guest\Cookies\guest@com[2].txt Spyware:Cookie/Sexsuche Not disinfected C:\Documents and Settings\Guest\Cookies\guest@counter.sexsuche[1].txt Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Guest\Cookies\guest@did-it[1].txt Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ehg-dig.hitbox[2].txt Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Guest\Cookies\guest@gostats[2].txt Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Guest\Cookies\guest@go[2].txt Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\Guest\Cookies\guest@linkexchange[1].txt Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Guest\Cookies\guest@pop.mircx[1].txt Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Guest\Cookies\guest@rn11[1].txt Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Guest\Cookies\guest@searchportal.information[2].txt Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Guest\Cookies\guest@smni[1].txt Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Guest\Cookies\guest@target[1].txt Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Guest\Cookies\guest@toplist[2].txt Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Guest\Cookies\guest@www.burstbeacon[1].txt Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Guest\Cookies\guest@www.myaffiliateprogram[1].txt Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Guest\Cookies\guest@www48.seeq[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Guest\Cookies\guest@xiti[1].txt Thanks for the help. Adrienne

09-05-2006, 06:30 PM	#3 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Hi and welcome.... Clear the Java Runtime Environment (JRE) cache: Click Start > Control Panel. Double-click the Java icon in the control panel. -The Java Control Panel appears. Click Settings under Temporary Internet Files. -The Temporary Files Settings dialog box appears. Click Delete Files. -The Delete Temporary Files dialog box appears. -There are three options on this window to clear the cache. Delete Files View Applications View Applets Click OK on Delete Temporary Files window. -Note: This deletes all the Downloaded Applications and Applets from the cache. Click OK on Temporary Files Settings window. Close the Java Control Panel Download and scan with Ewido Anti-Spyware v4.0 1. After download, double click on the file to launch the install process. 2. Choose a language, click "OK" and then click "Next". 3. Read the "License Agreement" and click "I Agree". 4. Accept default installation path: C:\Program Files\ewido anti-spyware 4.0, click "Next", then click "Install". 5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray. 6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. 7. Then right click on ewdio in the system tray and *uncheck* "Start with Windows". 8. Go to Start > Run and type: services.msc Press "OK". Click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard. When you find the guard service, double-click on it. In the Properties Window > General Tab that opens, click the "Stop" button. From the drop-down menu next to "Startup Type", click on "Manual". Now click "Apply", then "OK" and close the Services window. 9. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here. Once the updates are installed do the following: 1. Click on the "Scanner" button and choose the "Settings" tab. Under "*How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware. Under "How to Scan?" check all (default). Under "Possibly unwanted software" check all (default). Under "What to Scan?" make sure "Scan every file" is selected (default). Under "Reports" select "Automatically generate report after every scan* and UNcheck "Only if threats were found". 2. Click the "Scan" tab to return to scanning options. 3. Click "Complete System Scan" to start. 4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine. IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button? 5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "*Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt*. Save to your desktop. A copy of each report will also be saved in C:\Program Files\ewido anti-spyware 4.0\Reports\ 6. Exit Ewido when done and submit the log report in your next response. Note: Close all open windows, programs, and DO NOT USE the computer while Ewido is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper Ewido's ability to clean properly and may result in reinfection. Note: If Ewido "crashes" or "hangs" during the scan, try scanning again by doing this: 1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder. 2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan. __________________ Eddy

09-07-2006, 01:32 AM	#5 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Go for clear the cache. __________________ Eddy

09-07-2006, 06:07 PM	#7 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Its an ActiveX update file that appears to be damaged.It maybe that you will need to reinstall ActiveX.As I am not familiar with this file I suggest you seek help from another part of the forum on that.. __________________ Eddy

09-09-2006, 09:41 PM	#9 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Will you post one more log so i can check please... __________________ Eddy

09-05-2006, 12:36 PM	#2 (permalink)
adreyn Registered User Join Date: Jan 2005 Posts: 61 OS: windows Vista Sp1	Oops, forgot to add that I've been having IE crashes every now and then. Thanks again!

09-06-2006, 11:18 PM	#4 (permalink)
adreyn Registered User Join Date: Jan 2005 Posts: 61 OS: windows Vista Sp1	Hi! Ok, I get as far as Java control panel, then I'm lost from there. There are several tabs to chose from Basic, Advanced, Browser, Proxies, Cache, Certificates, about. I have searched through all the tabs and figure cache is the closest that I'm going to get to the temporary internet files. However, I don't get the delete files, view applications or view applets. Instead, I have apply and reset or up at the top are the buttons view files in cache and clear cache. Am I completely in the wrong place here? Thanks

09-09-2006, 09:23 PM	#8 (permalink)
adreyn Registered User Join Date: Jan 2005 Posts: 61 OS: windows Vista Sp1	Ok, I'll post about the active x elsewhere. HOw about the virus stuff is that solved? Thanks!

09-09-2006, 10:20 PM	#10 (permalink)
adreyn Registered User Join Date: Jan 2005 Posts: 61 OS: windows Vista Sp1	Logfile of HijackThis v1.99.1 Scan saved at 9:18:51 PM, on 9/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINNT\System32\CTsvcCDA.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\wanmpsvc.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\SK9910DM.EXE C:\WINNT\system32\devldr32.exe C:\WINNT\GWMDMMSG.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\PhoneTools\CapFax.EXE C:\Program Files\Winamp\Winampa.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\Common Files\AOL\1147241512\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1147241512\ee\AOLServiceHost.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Program Files\MSAC-FD1\MSSTAT.EXE C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donny.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoogroups.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s6rh4b5l.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s6rh4b5l.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check" O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB002" /M "PictureMate" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB003" /M "Stylus Photo R300" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147241512\ee\AOLHostManager.exe O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - Global Startup: Image Transfer.lnk = ? O4 - Global Startup: Memory Stick Monitor.lnk = ? O4 - Global Startup: SB StartCenter.lnk = ? O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

09-09-2006, 10:26 PM	#11 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Yes that all fine.No malware.All clean __________________ Eddy

09-09-2006, 10:29 PM	#12 (permalink)
adreyn Registered User Join Date: Jan 2005 Posts: 61 OS: windows Vista Sp1	Great! Thanks for your help. Adrienne :)

09-09-2006, 10:39 PM	#13 (permalink)
adreyn Registered User Join Date: Jan 2005 Posts: 61 OS: windows Vista Sp1	Ok, one more thing. I'm posting this from the IE forum: This ActiveX was installed in your pc back in 2004, when the Windows Update site performed an update. What happened back then is described in The Windows Update Web site indicates that your Windows Update software has to be updated. I believe you can safely disable it from IE > Tools > Manage Add-ons (although I don't think it'll show in the loaded ActiveX's). You can give Pancake the info I told you here, so that in your HJT log thread he guides you on how to discard of this ActiveX via HiJack This Is there more I should do with it? Thanks