PC running slow

Funbrit · 10-26-2006, 05:38 AM

I've been reading and following a lot of the advice on thsi forum for a while and recently cleaned out my PC (or so I think) and have installed Zone Alarm and Panda Soft. I also use Spybot and AdAware weekly (they all find something different!). The trouble is it now takes 7 or 8 mintues to boot up!

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:09:35 AM, on 26/10/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tcpsvcs.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A83B185-DED0-4C26-9D16-8022908E93B2} (ActiveFormX Control) - http://phil-2000/ActiveFormProj1.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatte...load/appdl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yaho...tr_current.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/13d53cf7d1b0d56...p/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...lscbase969.cab
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124239311587
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.teched.mscorpevents.co...CamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...18/mcfscan.cab
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Your assistance would be appreciated.

**Deckard** · 10-27-2006, 11:36 PM

Hello Funbrit, and welcome to TSF. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Unhide Files
Go to My Computer > Tools > Folder Options > View tab and select "Show hidden files and folders". Uncheck the "Hide protected operating system files (Recommended)" option. Also make sure there is no checkmark beside "Hide file extensions for known file types". Click OK.

Download CleanUp!
Download and install CleanUp! but do not run it yet.

WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp!

Download AVG Anti-Spyware
Please download, install, and update AVG Anti-Spyware.

Load AVG Anti-Spyware and then click the Shield tab at the top
- Click on the word active to change it to inactive.
Click the Update tab at the top:
- Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater.
- Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours.
Click the Scanner tab at the top and then the Settings sub-tab:
- Under How to act?, click Recommended actions and select Quarantine.
- Under Reports, select Automatically generate report after every scan
Close AVG Anti-Spyware. Do not run a scan with it yet.

Disable TeaTimer
While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. To disable TeaTimer:

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident ''TeaTimer'' (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

ViewPoint
ViewPoint Manager

Please let me know if any of these were unable to uninstall.

Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows.

HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/13d53cf7d1b0d56...p/RdxIE601.cab
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll

Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.

Deletions
Delete the following File indicated in RED and Folder indicated in BLUE if they still exist.

C:\Program Files\Viewpoint
C:\WINNT\internat.exe

Run CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following:
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- Cleanup! All Users
- Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked.
Click OK.
Press the CleanUp! button to start the program.

Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later.

Run AVG Anti-Spyware

Run AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on Save Report, then Save Report As. Save the report so that you can find it again (like on the Desktop).
Close AVG Anti-Spyware.

Reboot
Reboot your system to Normal Mode.

Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT.
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database: extended
- Scan Options: Scan Archives and Scan Mail Bases
Click OK
Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
Now under select a target to scan, select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run all the way.
Once the scan is complete it will display if your system has been infected.
Click on the Save as Text button and save the file to your desktop.
Copy and paste that information in your next post.

Take note the names and locations of any file it detects but fails to clean.

With Your Next Post...
Please paste the following with your next reply (in this order please):

AVG Anti-Spyware scan report,
Kaspersky scan report,
a new HiJackThis log taken after Kaspersky finishes.

Funbrit · 10-31-2006, 09:26 PM

Thanks for your help. Here are the reports you requested:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:25:59 PM 31/10/2006

+ Scan result:

:mozilla.101:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.132:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.223:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.225:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.228:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.228:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.234:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.234:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.236:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.236:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.259:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.263:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.263:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.265:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.267:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.268:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.269:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.289:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.292:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.308:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.309:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.322:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.324:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.327:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.334:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.342:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.343:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.349:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.353:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.358:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.365:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.369:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.163:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.197:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.198:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.203:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.204:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.159:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.160:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.194:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.195:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.200:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.201:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.205:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.206:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.370:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.371:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.374:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.375:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.389:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.390:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.403:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.404:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Merlin\Cookies\administrator@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.6:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.374:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.416:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.420:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.101:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.105:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.10:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.113:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.26:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.44:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.44:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.55:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.65:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.18:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.101:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.105:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.124:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.135:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.163:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.174:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.177:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.178:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.181:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.23:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.25:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.54:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.55:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.64:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.65:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.122:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.123:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.63:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.293:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.310:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.325:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.335:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.344:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.359:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.366:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.370:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.150:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.151:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.152:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.153:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.154:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.185:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.185:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.186:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.186:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.187:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.187:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.187:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.188:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.188:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.188:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.188:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.189:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.189:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.189:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.190:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.190:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.191:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.191:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.191:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.192:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.192:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.193:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.194:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.195:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.196:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.197:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.198:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.199:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.200:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.214:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.215:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.216:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.217:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.42:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.43:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.381:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.382:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.385:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.386:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.396:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.397:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.399:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.400:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.413:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.414:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.420:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.421:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.438:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.439:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.442:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.443:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.161:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.196:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.202:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Merlin\Cookies\administrator@starware[2].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.340:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.341:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.381:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.382:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.385:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.386:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.253:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.279:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.297:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.317:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.331:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.338:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.342:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.355:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.396:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.400:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Merlin\Cookies\administrator@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.22:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 31, 2006 10:28:04 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/10/2006
Kaspersky Anti-Virus database records: 236779
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 51161
Number of viruses found: 1
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 04:53:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Merlin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Merlin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Merlin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Merlin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Merlin\Local Settings\History\History.IE5\MSHist012006103120061101\index.dat Object is locked skipped
C:\Documents and Settings\Merlin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Merlin\My Documents\My Received Files\MsnMsgr.txt Object is locked skipped
C:\Documents and Settings\Merlin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Merlin\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Excite\PrvtMsgr\bin\X8IDLE.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\Program Files\Excite\PrvtMsgr\bin\x8Idle0.dll Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\Program Files\Panda Software\Panda Antivirus 2007\PSK_NAMES Object is locked skipped
C:\Program Files\Panda Software\Panda Antivirus 2007\PSK_NAMES2 Object is locked skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{58161798-9492-4730-B385-9F8E7337FB44}.bin Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
G:\boot.ini Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\Microsoft\Outlook\IMS.NK2 Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\Microsoft\Outlook\IMS.srs Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\call256.dbb Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\callmember256.dbb Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\chat512.dbb Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\contactgroup256.dbb Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\index2.dat Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\profile16384.dbb Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\user1024.dbb Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\user16384.dbb Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\user4096.dbb Object is locked skipped
G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\voicemail256.dbb Object is locked skipped
G:\Documents and Settings\Roger Kemp\Cookies\index.dat Object is locked skipped
G:\Documents and Settings\Roger Kemp\Local Settings\Application Data\Microsoft\Outlook\outlook0.ost Object is locked skipped
G:\Documents and Settings\Roger Kemp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
G:\Documents and Settings\Roger Kemp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
G:\Documents and Settings\Roger Kemp\Local Settings\History\History.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Roger Kemp\Local Settings\Temp\ExchangePerflog_8484fa3171cfaaa7d0bfd5d3.dat Object is locked skipped
G:\Documents and Settings\Roger Kemp\Local Settings\Temp\~DFCD96.tmp Object is locked skipped
G:\Documents and Settings\Roger Kemp\Local Settings\Temporary Internet Files\B5SRRHCR\C8L3VF0Z\Offline\0x00000001_R Object is locked skipped
G:\Documents and Settings\Roger Kemp\Local Settings\Temporary Internet Files\B5SRRHCR\C8L3VF0Z\Offline\0x00000003_R Object is locked skipped
G:\Documents and Settings\Roger Kemp\Local Settings\Temporary Internet Files\B5SRRHCR\C8L3VF0Z\Offline\HashFile.dat Object is locked skipped
G:\Documents and Settings\Roger Kemp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Roger Kemp\NTUSER.DAT Object is locked skipped
G:\Documents and Settings\Roger Kemp\ntuser.dat.LOG Object is locked skipped
G:\NTDETECT.COM Object is locked skipped
G:\ntldr Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 10:31:14 PM, on 31/10/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Sympatico / MSN Search:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sympatico / MSN Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Canada
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Sympatico / MSN Search:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A83B185-DED0-4C26-9D16-8022908E93B2} (ActiveFormX Control) - http://phil-2000/ActiveFormProj1.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatte...load/appdl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yaho...tr_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124239311587
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.teched.mscorpevents.co...CamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...18/mcfscan.cab
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Thanks again

Roger

**Deckard** · 10-31-2006, 10:20 PM

Looks like you're mostly clean now. Let's run another scan to see if we can pick anything else up.

Clear Cookies
Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General. Under Temporary Internet Files, click on Delete Cookies. Then click Delete Files.

Clear your Firefox cookies. From the open browser, go to Tools>Options>Privacy>Cookies>Clear.

Delete File
Delete these files:

C:\Program Files\Excite\PrvtMsgr\bin\X8IDLE.DLL
C:\Program Files\Excite\PrvtMsgr\bin\x8Idle0.dll

Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan.

Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
Enter your e-mail address, country, and state and click Scan Now.
Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
Begin the scan by selecting My Computer. Note:
- Please turn off the real time scanner of any existing antivirus program while performing the online scan.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on See report then click Save report.
- It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

Post the results from Panda and a new HijackThis log after it finishes. How is your machine behaving now?

Funbrit · 11-01-2006, 05:36 AM

I've cleared all the cookies and deleted the two Excite files. I've already bought Panda Antivirus a few weeks ago and it's always active so shall I use that to do the scan or is it necessary to use the online version?

Another problem I ran into when I was booting into safe mode was that I twice got the error message "svchost.exe referenced memory address 0x00000000 and was unable to read it" so svchost.exe was unable to start in safe mode. I don't get that message any other time.

**Deckard** · 11-01-2006, 07:12 PM

Yeah, use that for the scan instead as it should give the same results. I'm curious if the log format is the same.

Your problem with svchost.exe may be related to autoupdate, but I can't say for sure. When we're sure you're clean of malware, I'll have you post to the XP forum here and let the experts take a stab at it.

Funbrit · 11-01-2006, 09:44 PM

The Panda scan found nothing and I could only print the log not save it.

Here's the latest hjt log done in safe mode:

Logfile of HijackThis v1.99.1
Scan saved at 11:14:04 PM, on 01/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Sympatico / MSN Search:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sympatico / MSN Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Canada
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Sympatico / MSN Search:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A83B185-DED0-4C26-9D16-8022908E93B2} (ActiveFormX Control) - http://phil-2000/ActiveFormProj1.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatte...load/appdl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yaho...tr_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124239311587
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.teched.mscorpevents.co...CamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...18/mcfscan.cab
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Thanks for all your help.

**Deckard** · 11-01-2006, 09:52 PM

Can I get you to give me a log from Normal mode? I think you're clean; I just want to make absolutely sure.

Funbrit · 11-02-2006, 06:57 AM

Here's the hjt log in normal mode:

Logfile of HijackThis v1.99.1
Scan saved at 8:55:43 AM, on 02/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Sympatico / MSN Search:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sympatico / MSN Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Sympatico / MSN Search:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A83B185-DED0-4C26-9D16-8022908E93B2} (ActiveFormX Control) - http://phil-2000/ActiveFormProj1.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatte...load/appdl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yaho...tr_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124239311587
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.teched.mscorpevents.co...CamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...18/mcfscan.cab
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

**Deckard** · 11-02-2006, 07:32 PM

Well done, your logs are clean! Any more issues? If not, you should be good to go but we still have a few items we'd like to address.

Reset hidden/system files and folders

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm and then click OK.

Reset System Restore

Go to Start>Run, type SYSDM.CPL and press Enter.
Select the System Restore tab.
Check "Turn off System Restore on all drives" and click Apply.
Now uncheck the same option and click OK.

Reset hidden/system files and folders

Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Select the Advanced settings box option.
Select the Hidden files Folders.
Deselect the Show all files option.
Click Yes to confirm and then click OK.

Re-enable Protection
Turn back on any malware prevention tools we might have had you switch off.

Microsoft Updates
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection.

Please ensure that you have already patched your system against these recent critical exploits:

WMF exploit: KB912919
VML exploit: KB925486

Enable Windows Auto Update:

Go to Start>Run, type WUAUCPL.CPL and press Enter.
Make sure "Keep my computer up to date" is checked.
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Update Java
You need to update your Java as it is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without multi-language and save to your desktop.
Close any programs you may have running -- especially your web browser(s).
Go to Start→Control Panel double-click on Add/Remove Programs.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each version of Java.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
After the reboot, go back into the Control Panel and double-click the Java icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL three checked:
- Downloaded Applets
- Downloaded Applications
- Other Files
Click OK on Delete Temporary Files Window. NOTE: This deletes ALL of the Downloaded Applications and Applets from the cache.
Click OK to leave the Java Control Panel.

Malware Prevention
This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them.

Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer".

The following is a list of free software we recommend:

Antivirus
AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one.

AOL Active Virus Shield (powered by Kaspersky Antivirus)
BitDefender
Avira PersonalEdition Classic
Avast!
AVG

Firewalls
A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use:

Realtime Malware Prevention Tools
These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time.

Passive Malware Prevention Tools
These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.

SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on it's homepage.
MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites.
McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.

Alternative Web Browsers
Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Alternative Miscellaneous
Here are some alternatives that are worth looking into if you use their features:

Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.)
Miranda-IM - another Instant Messenger client with multiple IM capabilities.
Desktop Weather - A taskbar weather program that is free and resource light.

Please respond to this thread one more time so we can mark this thread as resolved.

Funbrit · 11-02-2006, 10:29 PM

I've completed all the tasks on your list except I couldn't set the System Restore point as I'm running W2K Pro not XP. In the prevention arena I use Panda Antivirus, Zone Alarm firewall, Spybot and AdAware SE, Firefox and Thunderbird.

Thanks for all your help.

10-26-2006, 05:38 AM	#1 (permalink)
Funbrit Registered User Join Date: Feb 2006 Posts: 32 OS: XP Pro	PC running slow I've been reading and following a lot of the advice on thsi forum for a while and recently cleaned out my PC (or so I think) and have installed Zone Alarm and Panda Soft. I also use Spybot and AdAware weekly (they all find something different!). The trouble is it now takes 7 or 8 mintues to boot up! Here's my HJT log: Logfile of HijackThis v1.99.1 Scan saved at 7:09:35 AM, on 26/10/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\tcpsvcs.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE C:\Program Files\Atomic Clock Sync\Atomic.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINNT\system32\internat.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe c:\program files\panda software\panda antivirus 2007\WebProxy.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton Utilities\SYSDOC32.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing) O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0A83B185-DED0-4C26-9D16-8022908E93B2} (ActiveFormX Control) - http://phil-2000/ActiveFormProj1.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatte...load/appdl.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yaho...tr_current.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/13d53cf7d1b0d56...p/RdxIE601.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...lscbase969.cab O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124239311587 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.teched.mscorpevents.co...CamControl.ocx O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/Z4/heartbeat.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...18/mcfscan.cab O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe Your assistance would be appreciated.

10-27-2006, 11:36 PM	#2 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Hello Funbrit, and welcome to TSF. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any. Unhide Files Go to My Computer > Tools > Folder Options > View tab and select "Show hidden files and folders". Uncheck the "Hide protected operating system files (Recommended)" option. Also make sure there is no checkmark beside "Hide file extensions for known file types". Click OK. Download CleanUp! Download and install CleanUp! but do not run it yet. WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp! Download AVG Anti-Spyware Please download, install, and update AVG Anti-Spyware. Load AVG Anti-Spyware and then click the Shield tab at the top Click on the word active to change it to inactive. Click the Update tab at the top: Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater. Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours. Click the Scanner tab at the top and then the Settings sub-tab: Under How to act?, click Recommended actions and select Quarantine. Under Reports, select Automatically generate report after every scan Close AVG Anti-Spyware. Do not run a scan with it yet. Disable TeaTimer While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. To disable TeaTimer: Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident ''TeaTimer'' (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. Uninstall Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist): ViewPoint ViewPoint Manager Please let me know if any of these were unable to uninstall. Reboot Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows. HijackThis Fixes Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any): O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/13d53cf7d1b0d56...p/RdxIE601.cab O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis. Deletions Delete the following File indicated in RED and Folder indicated in BLUE if they still exist. C:\Program Files\Viewpoint C:\WINNT\internat.exe Run CleanUp! Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked. Click OK. Press the CleanUp! button to start the program. Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later. Run AVG Anti-Spyware Run AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared. AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side. Click on Save Report, then Save Report As. Save the report so that you can find it again (like on the Desktop). Close AVG Anti-Spyware. Reboot Reboot your system to Normal Mode. Online Scan Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files. Once the files have been downloaded, click on NEXT. Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: extended Scan Options: Scan Archives and Scan Mail Bases Click OK Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done. Now under select a target to scan, select My Computer The program will start and scan your system. The scan will take a while so be patient and let it run all the way. Once the scan is complete it will display if your system has been infected. Click on the Save as Text button and save the file to your desktop. Copy and paste that information in your next post. Take note the names and locations of any file it detects but fails to clean. With Your Next Post... Please paste the following with your next reply (in this order please): AVG Anti-Spyware scan report, Kaspersky scan report, a new HiJackThis log taken after Kaspersky finishes. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

10-31-2006, 09:26 PM	#3 (permalink)
Funbrit Registered User Join Date: Feb 2006 Posts: 32 OS: XP Pro	PC running slow Thanks for your help. Here are the reports you requested: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 2:25:59 PM 31/10/2006 + Scan result: :mozilla.101:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.129:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.132:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.133:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.157:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.162:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.163:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.165:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.186:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.192:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.194:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.223:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.225:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.228:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.228:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.234:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.234:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.236:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.236:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.259:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.263:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.263:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.265:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.267:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.268:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.269:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.272:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.289:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.292:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.308:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.309:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.322:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.324:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.327:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.32:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.334:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.33:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.342:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.343:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.349:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.353:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.358:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.365:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.369:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.44:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.50:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.51:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.8:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.162:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.163:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.197:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.198:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.203:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.204:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.159:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.160:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.194:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.195:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.200:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.201:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.205:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.206:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.370:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.371:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.374:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.375:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.389:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.390:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.403:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.404:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Adjuggler : Cleaned. C:\Documents and Settings\Merlin\Cookies\administrator@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.6:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.374:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.416:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.420:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.101:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.105:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.10:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.113:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.26:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.44:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.44:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.55:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.65:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.18:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.101:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.105:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.124:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.135:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.163:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.174:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.177:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.178:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.181:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.23:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Overture : Cleaned. :mozilla.25:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned. :mozilla.54:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Overture : Cleaned. :mozilla.55:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Overture : Cleaned. :mozilla.64:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Overture : Cleaned. :mozilla.65:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Overture : Cleaned. :mozilla.122:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.123:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.63:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.293:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Pro-market : Cleaned. :mozilla.310:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Pro-market : Cleaned. :mozilla.325:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Pro-market : Cleaned. :mozilla.335:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned. :mozilla.344:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Pro-market : Cleaned. :mozilla.359:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Pro-market : Cleaned. :mozilla.366:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Pro-market : Cleaned. :mozilla.370:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Pro-market : Cleaned. :mozilla.150:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.151:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.152:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.153:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.154:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.185:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.185:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.186:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.186:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.187:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.187:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.187:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.188:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.188:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.188:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.188:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.189:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.189:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.189:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.190:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.190:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.191:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.191:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.191:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.192:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.192:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.193:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.194:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.195:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.196:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.197:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.198:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.199:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.200:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.214:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.215:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.216:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.217:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.42:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.43:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.381:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.382:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.385:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.386:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.396:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.397:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.399:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.400:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.413:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.414:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.420:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.421:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.438:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.439:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.442:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.443:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.161:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.196:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.202:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Specificclick : Cleaned. C:\Documents and Settings\Merlin\Cookies\administrator@starware[2].txt -> TrackingCookie.Starware : Cleaned. :mozilla.340:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.341:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.381:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.382:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.385:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.386:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.253:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-5.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.279:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.297:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.317:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-7.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.331:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-4.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.338:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.342:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.355:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-3.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.396:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.400:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-2.txt -> TrackingCookie.Valueclick : Cleaned. C:\Documents and Settings\Merlin\Cookies\administrator@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned. :mozilla.22:C:\Documents and Settings\Merlin\Application Data\Mozilla\Firefox\Profiles\u0hxwb4j.default\cookies-6.txt -> TrackingCookie.Yieldmanager : Cleaned. ::Report end ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Tuesday, October 31, 2006 10:28:04 PM Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 31/10/2006 Kaspersky Anti-Virus database records: 236779 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ Scan Statistics: Total number of scanned objects: 51161 Number of viruses found: 1 Number of infected objects: 2 / 0 Number of suspicious objects: 0 Duration of the scan process: 04:53:33 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Merlin\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Merlin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Merlin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Merlin\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Merlin\Local Settings\History\History.IE5\MSHist012006103120061101\index.dat Object is locked skipped C:\Documents and Settings\Merlin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Merlin\My Documents\My Received Files\MsnMsgr.txt Object is locked skipped C:\Documents and Settings\Merlin\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Merlin\ntuser.dat.LOG Object is locked skipped C:\Program Files\Excite\PrvtMsgr\bin\X8IDLE.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped C:\Program Files\Excite\PrvtMsgr\bin\x8Idle0.dll Infected: not-a-virus:AdWare.Win32.IWon.a skipped C:\Program Files\Panda Software\Panda Antivirus 2007\PSK_NAMES Object is locked skipped C:\Program Files\Panda Software\Panda Antivirus 2007\PSK_NAMES2 Object is locked skipped C:\WINNT\CSC\00000001 Object is locked skipped C:\WINNT\Debug\ipsecpa.log Object is locked skipped C:\WINNT\Debug\oakley.log Object is locked skipped C:\WINNT\Debug\PASSWD.LOG Object is locked skipped C:\WINNT\SchedLgU.Txt Object is locked skipped C:\WINNT\SoftwareDistribution\EventCache\{58161798-9492-4730-B385-9F8E7337FB44}.bin Object is locked skipped C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINNT\Sti_Trace.log Object is locked skipped C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped C:\WINNT\system32\config\default Object is locked skipped C:\WINNT\system32\config\default.LOG Object is locked skipped C:\WINNT\system32\config\SAM Object is locked skipped C:\WINNT\system32\config\SAM.LOG Object is locked skipped C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped C:\WINNT\system32\config\SECURITY Object is locked skipped C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped C:\WINNT\system32\config\software Object is locked skipped C:\WINNT\system32\config\software.LOG Object is locked skipped C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped C:\WINNT\system32\config\system Object is locked skipped C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped C:\WINNT\WindowsUpdate.log Object is locked skipped G:\boot.ini Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\Microsoft\Outlook\IMS.NK2 Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\Microsoft\Outlook\IMS.srs Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\call256.dbb Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\callmember256.dbb Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\chat512.dbb Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\contactgroup256.dbb Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\index2.dat Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\profile16384.dbb Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\user1024.dbb Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\user16384.dbb Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\user4096.dbb Object is locked skipped G:\Documents and Settings\Roger Kemp\Application Data\Skype\rjkintoronto\voicemail256.dbb Object is locked skipped G:\Documents and Settings\Roger Kemp\Cookies\index.dat Object is locked skipped G:\Documents and Settings\Roger Kemp\Local Settings\Application Data\Microsoft\Outlook\outlook0.ost Object is locked skipped G:\Documents and Settings\Roger Kemp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped G:\Documents and Settings\Roger Kemp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped G:\Documents and Settings\Roger Kemp\Local Settings\History\History.IE5\index.dat Object is locked skipped G:\Documents and Settings\Roger Kemp\Local Settings\Temp\ExchangePerflog_8484fa3171cfaaa7d0bfd5d3.dat Object is locked skipped G:\Documents and Settings\Roger Kemp\Local Settings\Temp\~DFCD96.tmp Object is locked skipped G:\Documents and Settings\Roger Kemp\Local Settings\Temporary Internet Files\B5SRRHCR\C8L3VF0Z\Offline\0x00000001_R Object is locked skipped G:\Documents and Settings\Roger Kemp\Local Settings\Temporary Internet Files\B5SRRHCR\C8L3VF0Z\Offline\0x00000003_R Object is locked skipped G:\Documents and Settings\Roger Kemp\Local Settings\Temporary Internet Files\B5SRRHCR\C8L3VF0Z\Offline\HashFile.dat Object is locked skipped G:\Documents and Settings\Roger Kemp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped G:\Documents and Settings\Roger Kemp\NTUSER.DAT Object is locked skipped G:\Documents and Settings\Roger Kemp\ntuser.dat.LOG Object is locked skipped G:\NTDETECT.COM Object is locked skipped G:\ntldr Object is locked skipped Scan process completed. Logfile of HijackThis v1.99.1 Scan saved at 10:31:14 PM, on 31/10/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE C:\WINNT\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\tcpsvcs.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Atomic Clock Sync\Atomic.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe c:\program files\panda software\panda antivirus 2007\WebProxy.exe C:\WINNT\System32\svchost.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Sympatico / MSN Search: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sympatico / MSN Search: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Canada R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Sympatico / MSN Search: O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton Utilities\SYSDOC32.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing) O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0A83B185-DED0-4C26-9D16-8022908E93B2} (ActiveFormX Control) - http://phil-2000/ActiveFormProj1.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatte...load/appdl.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yaho...tr_current.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124239311587 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.teched.mscorpevents.co...CamControl.ocx O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/Z4/heartbeat.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...18/mcfscan.cab O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe Thanks again Roger

10-31-2006, 10:20 PM	#4 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Looks like you're mostly clean now. Let's run another scan to see if we can pick anything else up. Clear Cookies Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General. Under Temporary Internet Files, click on Delete Cookies. Then click Delete Files. Clear your Firefox cookies. From the open browser, go to Tools>Options>Privacy>Cookies>Clear. Delete File Delete these files: C:\Program Files\Excite\PrvtMsgr\bin\X8IDLE.DLL C:\Program Files\Excite\PrvtMsgr\bin\x8Idle0.dll Online Scan Perform an online scan with Internet Explorer with Panda ActiveScan. Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker. Enter your e-mail address, country, and state and click Scan Now. Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control. Begin the scan by selecting My Computer. Note: Please turn off the real time scanner of any existing antivirus program while performing the online scan. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on See report then click Save report. It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report. Post the results from Panda and a new HijackThis log after it finishes. How is your machine behaving now? __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

11-01-2006, 07:12 PM	#6 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Yeah, use that for the scan instead as it should give the same results. I'm curious if the log format is the same. Your problem with svchost.exe may be related to autoupdate, but I can't say for sure. When we're sure you're clean of malware, I'll have you post to the XP forum here and let the experts take a stab at it. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

11-01-2006, 05:36 AM	#5 (permalink)
Funbrit Registered User Join Date: Feb 2006 Posts: 32 OS: XP Pro	I've cleared all the cookies and deleted the two Excite files. I've already bought Panda Antivirus a few weeks ago and it's always active so shall I use that to do the scan or is it necessary to use the online version? Another problem I ran into when I was booting into safe mode was that I twice got the error message "svchost.exe referenced memory address 0x00000000 and was unable to read it" so svchost.exe was unable to start in safe mode. I don't get that message any other time.

11-01-2006, 09:44 PM	#7 (permalink)
Funbrit Registered User Join Date: Feb 2006 Posts: 32 OS: XP Pro	The Panda scan found nothing and I could only print the log not save it. Here's the latest hjt log done in safe mode: Logfile of HijackThis v1.99.1 Scan saved at 11:14:04 PM, on 01/11/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\userinit.exe C:\WINNT\Explorer.EXE C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Sympatico / MSN Search: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sympatico / MSN Search: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Canada R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Sympatico / MSN Search: O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton Utilities\SYSDOC32.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing) O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0A83B185-DED0-4C26-9D16-8022908E93B2} (ActiveFormX Control) - http://phil-2000/ActiveFormProj1.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatte...load/appdl.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yaho...tr_current.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124239311587 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.teched.mscorpevents.co...CamControl.ocx O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/Z4/heartbeat.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...18/mcfscan.cab O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe Thanks for all your help.

11-01-2006, 09:52 PM	#8 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Can I get you to give me a log from Normal mode? I think you're clean; I just want to make absolutely sure. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

11-02-2006, 06:57 AM	#9 (permalink)
Funbrit Registered User Join Date: Feb 2006 Posts: 32 OS: XP Pro	Here's the hjt log in normal mode: Logfile of HijackThis v1.99.1 Scan saved at 8:55:43 AM, on 02/11/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE C:\WINNT\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\tcpsvcs.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Atomic Clock Sync\Atomic.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINNT\system32\ZoneLabs\vsmon.exe c:\program files\panda software\panda antivirus 2007\WebProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Sympatico / MSN Search: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sympatico / MSN Search: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Sympatico / MSN Search: O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton Utilities\SYSDOC32.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing) O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0A83B185-DED0-4C26-9D16-8022908E93B2} (ActiveFormX Control) - http://phil-2000/ActiveFormProj1.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatte...load/appdl.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yaho...tr_current.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124239311587 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.teched.mscorpevents.co...CamControl.ocx O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/Z4/heartbeat.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...18/mcfscan.cab O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

11-02-2006, 07:32 PM	#10 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Well done, your logs are clean! Any more issues? If not, you should be good to go but we still have a few items we'd like to address. Reset hidden/system files and folders Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Deselect the Show hidden files and folders option. Select the Hide file extensions for known types option. Select the Hide protected operating system files option. Click Yes to confirm and then click OK. Reset System Restore Go to Start>Run, type SYSDM.CPL and press Enter. Select the System Restore tab. Check "Turn off System Restore on all drives" and click Apply. Now uncheck the same option and click OK. Reset hidden/system files and folders Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Select the Advanced settings box option. Select the Hidden files Folders. Deselect the Show all files option. Click Yes to confirm and then click OK. Re-enable Protection Turn back on any malware prevention tools we might have had you switch off. Microsoft Updates It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection. Please ensure that you have already patched your system against these recent critical exploits: WMF exploit: KB912919 VML exploit: KB925486 Enable Windows Auto Update: Go to Start>Run, type WUAUCPL.CPL and press Enter. Make sure "Keep my computer up to date" is checked. Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Update Java You need to update your Java as it is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without multi-language and save to your desktop. Close any programs you may have running -- especially your web browser(s). Go to Start→Control Panel double-click on Add/Remove Programs. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each version of Java. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version. After the reboot, go back into the Control Panel and double-click the Java icon. Under Temporary Internet Files, click the Delete Files button. There are three options in the window to clear the cache - Leave ALL three checked: Downloaded Applets Downloaded Applications Other Files Click OK on Delete Temporary Files Window. NOTE: This deletes ALL of the Downloaded Applications and Applets from the cache. Click OK to leave the Java Control Panel. Malware Prevention This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them. Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer". The following is a list of free software we recommend: Antivirus AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one. AOL Active Virus Shield (powered by Kaspersky Antivirus) BitDefender Avira PersonalEdition Classic Avast! AVG Firewalls A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use: Sygate Personal Firewall ZoneAlarm Tiny Personal Firewall Sunbelt Kerio Personal Firewall Outpost Firewall PRO Realtime Malware Prevention Tools These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time. Spyware Guard Spybot Search & Destroy AdAware WinPatrol - with tutorial Passive Malware Prevention Tools These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources. SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates. IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on it's homepage. MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites. McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox. Alternative Web Browsers Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites. Firefox Opera Alternative Miscellaneous Here are some alternatives that are worth looking into if you use their features: Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.) Miranda-IM - another Instant Messenger client with multiple IM capabilities. Desktop Weather - A taskbar weather program that is free and resource light. Please respond to this thread one more time so we can mark this thread as resolved. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

11-02-2006, 10:29 PM	#11 (permalink)
Funbrit Registered User Join Date: Feb 2006 Posts: 32 OS: XP Pro	I've completed all the tasks on your list except I couldn't set the System Restore point as I'm running W2K Pro not XP. In the prevention arena I use Panda Antivirus, Zone Alarm firewall, Spybot and AdAware SE, Firefox and Thunderbird. Thanks for all your help.