Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

exploit obscured html trojan, I think

This is a discussion on exploit obscured html trojan, I think within the Resolved HJT Threads forums, part of the Tech Support Forum category. Exploit-obscured html A few weeks ago, right before I took a two week vacation without my computer, I did something


 
 
Thread Tools Search this Thread
Old 04-23-2006, 11:30 AM   #1
Guest
 
Join Date: Apr 2006
Posts: 13
OS:



Exploit-obscured html

A few weeks ago, right before I took a two week vacation without my computer, I did something stupid and allowed an ActiveX control that looked like it was from a trusted source to be installed, even after my software warned me not to do it. Since I returned from the trip, my computer has gotten slower and slower, especially in regard to surfing the internet. When I tried to update spybot today, the download manager said that it would take 19 hours. I cannot update windows I can't even get onto the update page, it will not load. I think I was fairly up-to-date before all this happened (Windows XP Home Edition, service pack 2, updates fairly recently).

At this point, any web browsing is almost out of the question, though my boyfriend's computer has been extremely helpful in finding this forum.

I usually browse with Netscape 8.1 if that matters and is not too blasphemous to say. I used the adminstrator profile to create this hijackthis log, though I usually do all my work in a different profile if that matters.

Here's is what I did so far:

I had been running updated Mcafee virus checker and firewall besides the hardware firewall. They never found anything, nor did Ad-aware, except for some green light cookies. Yesterday I decided to do an online check using Trend Micro's online virus checker. The Trend Micro checker found nothing, but twice, during the time it was running (which was hours with my slow system), McAfee said that it detected the Trojan "exploit-obscured html". When I reran Mcafee afterward, I could not find a trace of it, or even that Mcafee had quarentined it, but my system was still really slow. I have seen this exact problem described in other forums on the web with the Mcafee/Trend Micro combo. Thank goodness something finally turned up.

I reran Ad-aware in safe mode this morning, got rid of all the cookies (all it detected) which didn't look very bad, also got rid of the tracking cookies that spybot (which I was able to miraculously update somehow finally) found. (They didn't look too ominous either.) The only two things I didn't get rid of that spybot found were "windows security center antivirus and firewall disable" thinking that I could want them off so they don't conflict with Mcafee, so I would wait for an expert to help. I didn't have any of the listed malware programs in the FAQ for this website or the online website.
CW Shredder found nothing.

I did download a bunch of the suggested programs from a similar post in this forum and installed, but did not update or use them (like ewido) sorry about jumping the gun. It was just easier to download to CDROM using my boyfriend's computer and I got click happy installing.

Any help is very appreciated.

So, here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:22 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
https://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
https://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.dell4me.com/myway
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://pool.dylantree.com/");
(C:\Documents and Settings\Kathleen\Application
Data\Mozilla\Profiles\default\acwqp5hs.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb
_01.src"); (C:\Documents and Settings\Kathleen\Application
Data\Mozilla\Profiles\default\acwqp5hs.slt\prefs.js)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot
- Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -
c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe"
/checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update
Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe"
-turbo
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file
missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System
Class) - https://download.mcafee.com/molbin/sh...9/mcinsctl.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) -
https://photo.walmart.com/photo/uploa...loadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
https://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program
Files\Aventail\Connect\as32svc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido
anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido
anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program
Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program
files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc -
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation -
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
ksmile is offline  
Sponsored Links
Advertisement
 
Old 04-23-2006, 07:18 PM   #2
TSF Team, Emeritus
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


Hello and welcome to TSF

I reccommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

There isn't much showing in your log, so we'll try a general cleaning and see what turns up. You will need to be on the account the Hijackthis log was taken from in order to perform the following fixes. After completing the procedures below please post a Hijackthis log from the account you normally work on, not the Administrator account.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads(make sure to save these in a permanent location)
Cleanup!- Install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


Please remember to close all other windows, including browsers then click Fix checked.

Tools
Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following :
  • Scan local drives for temporary files

Click OK, Press the CleanUp! button to start the program. If prompted to reboot, click No

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** This scan may take over an hour, after choosing the action for the first item you do not need to stay at the PC.

Reboot your system in Normal Mode.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan


In your next post please include:
  • Panda Activescan Log
  • Ewido Log
  • A new Hijackthis! Log
Vikesrock8411 is offline  
Old 04-24-2006, 05:59 PM   #3
Guest
 
Join Date: Apr 2006
Posts: 13
OS:


Here are the logs:

Panda Activescan

Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt[searchportal.information.com/]



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:04:29 PM, 4/24/2006
+ Report-Checksum: 71996918

+ Scan result:

:mozilla.8:C:\Documents and Settings\andrew\Application Data\Mozilla\Profiles\default\fawyp51y.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.9:C:\Documents and Settings\andrew\Application Data\Mozilla\Profiles\default\fawyp51y.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\andrew\Application Data\Mozilla\Profiles\default\fawyp51y.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\andrew\Application Data\Mozilla\Profiles\default\fawyp51y.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\andrew\Application Data\Mozilla\Profiles\default\fawyp51y.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\andrew\Application Data\Mozilla\Profiles\default\fawyp51y.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\andrew\Application Data\Mozilla\Profiles\default\fawyp51y.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\andrew\Application Data\Mozilla\Profiles\default\fawyp51y.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\andrew\Application Data\Mozilla\Profiles\default\fawyp51y.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Kathleen\Application Data\Netscape\NSB\Profiles\9osmdedm.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.403:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.404:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.405:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.407:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.408:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.420:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.423:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
:mozilla.460:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.489:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.496:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.498:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.500:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.501:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.505:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.518:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.534:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.553:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup
:mozilla.583:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.594:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.599:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.600:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.614:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.621:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.622:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.623:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.624:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.648:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.649:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.650:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.669:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.671:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.672:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.673:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.674:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.675:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.682:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.683:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.696:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.698:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.712:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.736:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.737:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.750:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.763:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.764:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.765:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.766:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.778:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.788:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.792:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.794:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.795:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.799:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.806:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.808:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.809:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.810:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.811:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.812:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.814:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.816:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.817:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.818:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.819:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.848:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.849:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.851:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.861:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.882:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.892:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.893:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.921:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.929:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.946:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.947:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.948:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.949:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.970:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\cn0sc2yq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Kathleen at Work\Application Data\Netscape\NSB\Profiles\f2lim1vd\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup


::Report End


Hijackthis in next post since it was too long to go in here.

Thanks for helping me.
ksmile is offline  
Sponsored Links
Advertisement
 
Old 04-24-2006, 06:03 PM   #4
Guest
 
Join Date: Apr 2006
Posts: 13
OS:


Hijackthis from the usual (non-administrator) profile I work in.

Logfile of HijackThis v1.99.1
Scan saved at 7:32:48 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.cmt.com/artists/az/yoakam...ge_board.jhtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell4me.com/myway
N4 - Mozilla: user_pref("browser.startup.homepage", "https://myhome.prodigy.net/"); (C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Kathleen at Work\Application Data\Mozilla\Profiles\default\59o5c61c.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://download.mcafee.com/molbin/sh...9/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - https://photo.walmart.com/photo/uploa...loadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
ksmile is offline  
Old 04-24-2006, 07:15 PM   #5
TSF Team, Emeritus
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)


Please remember to close all other windows, including browsers then click Fix checked.

Please open IE and go to
Kaspersky WebScanner

Next Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Post the Kaspersky log along with a new Hijackthis log. Also please let me know how the PC is performing now.
Vikesrock8411 is offline  
Old 04-25-2006, 05:52 AM   #6
Guest
 
Join Date: Apr 2006
Posts: 13
OS:


Thank you!

Computer is running horribly. I read posts and post on another computer after writing the scan reports to CD. Took me 1.5 hours just to update and start Kaspersky running. Pretty much still unable to get on internet without long wait to get on. Slow and crashy opening all non-internet windows, too.

Here are the logs:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, April 25, 2006 7:32:22 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 25/04/2006
Kaspersky Anti-Virus database records: 189793
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 62496
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 00:36:05

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP409\A0036584.exe/data0004 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP409\A0036584.exe NSIS: infected - 1 skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 7:35:51 AM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell4me.com/myway
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://pool.dylantree.com/"); (C:\Documents and Settings\Kathleen\Application Data\Mozilla\Profiles\default\acwqp5hs.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Kathleen\Application Data\Mozilla\Profiles\default\acwqp5hs.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://download.mcafee.com/molbin/sh...9/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - https://photo.walmart.com/photo/uploa...loadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
ksmile is offline  
Old 04-25-2006, 08:36 PM   #7
TSF Team, Emeritus
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


We'll do one last thorough check for maware before we begin to hunt down other causes.

Downloads(make sure to save these in a permanent location)
WinPFind-Unzip it to the desktop, but do not run it yet

StartDreck- Unzip to its own folder.

Blacklight- save it to your desktop.

Double click Startdrek to Start the program:
Press Config
Press Mark All

UN-Check the following boxes:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers


Press Ok

Press Save and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Double click WinPFind.exe

* Click 'Start Scan'
* It will scan the entire system, so please be patient!
* Once the scan is complete:
1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Copy those results in the next post!

Reboot back to Normal Mode!

Post the logs form Startdrek, Blacklight and WinPFind in your next post.
Vikesrock8411 is offline  
Old 04-26-2006, 05:47 AM   #8
Guest
 
Join Date: Apr 2006
Posts: 13
OS:


log files in two posts due to size:


WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

™™™™™™™™™™™™™™™™™ Windows OS and Versions ™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

™™™™™™™™™™™™™™™™™ Checking Selected Standard Folders ™™™™™™™™™™™™™™™™™™™™

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 8/3/2005 10:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 4/6/2006 2:48:38 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/6/2006 2:48:38 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
4/26/2006 6:16:38 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
4/22/2006 10:18:16 AM H 54156 C:\WINDOWS\QTFont.qfn
4/26/2006 6:11:00 AM H 149979 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fa4f65ff7c7106a46457f558c01dcc94\BIT5.tmp
3/22/2006 6:17:30 PM S 14054 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
3/23/2006 1:15:38 AM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
3/17/2006 4:24:26 AM S 12455 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
3/30/2006 5:03:56 AM S 22339 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
4/26/2006 6:16:28 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
4/26/2006 6:17:52 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
4/26/2006 6:16:40 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
4/26/2006 6:17:56 AM H 69632 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
4/26/2006 6:16:38 AM H 1024000 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
4/15/2006 5:10:04 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
3/11/2006 8:14:06 AM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\ee03efdf-727f-4f5a-897c-31119411e931
3/11/2006 8:14:06 AM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
4/26/2006 6:11:02 AM H 6 C:\WINDOWS\Tasks\SA.DAT
4/25/2006 5:11:44 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\67M765GH\desktop.ini
4/25/2006 5:11:44 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CPYJEV8R\desktop.ini
4/25/2006 5:11:44 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\M1K5W3WP\desktop.ini
4/25/2006 5:11:44 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\Y8GJ3BIL\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 5/8/2003 8:25:18 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
Broadcom Corporation 6/3/2003 11:38:44 AM 94208 C:\WINDOWS\SYSTEM32\BCMSM.CPL
5/11/2001 1:00:00 AM 183808 C:\WINDOWS\SYSTEM32\BDEADMIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Creative Technology Ltd. 3/30/2001 3:00:00 AM 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl
Creative Technology Ltd. 2/21/2002 2:00:00 AM 212992 C:\WINDOWS\SYSTEM32\CTDevCtrl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 10/19/2005 8:59:12 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 2/20/2003 5:42:34 PM 229487 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Corel Corporation Limited 9/10/2000 10:40:32 PM 32768 C:\WINDOWS\SYSTEM32\verscpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155648 C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 4/7/2003 1:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\igfxcpl.cpl

™™™™™™™™™™™™™™™™™ Checking Selected Startup Folders ™™™™™™™™™™™™™™™™™™™™™

Checking files in %ALLUSERSPROFILE%\Startup folder...
10/16/2005 7:20:48 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
2/26/2006 9:40:10 PM 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\Kathleen\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\Kathleen\Application Data\DESKTOP.INI
5/15/2004 10:22:44 PM 0 C:\Documents and Settings\Kathleen\Application Data\dm.ini
3/4/2004 4:58:52 PM 12358 C:\Documents and Settings\Kathleen\Application Data\PFP110JCM.{PB
3/4/2004 4:58:52 PM 61678 C:\Documents and Settings\Kathleen\Application Data\PFP110JPR.{PB

™™™™™™™™™™™™™™™™™ Checking Selected Registry Keys ™™™™™™™™™™™™™™™™™™™™™™™

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\NetWareMenuItems
{e3bbbfc0-f61f-11cf-bb16-00c04fd371f4} = novnpnt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VersionsMenu
{03170921-4754-11cf-AB9A-00C0F00683EB} = C:\Program Files\Corel\shared\Versions\CVersion.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83BD3F}
= shellwp.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NetWareMenuItems
{e3bbbfc0-f61f-11cf-bb16-00c04fd371f4} = novnpnt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NetWareServerMenu
{9b173360-732b-11ce-aa22-00805f9834b0} = novnpnt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VersionsMenu
{03170921-4754-11cf-AB9A-00C0F00683EB} = C:\Program Files\Corel\shared\Versions\CVersion.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0002-C0E1-C0E1C0E1C0E1} = C:\PROGRA~1\Corel\WORDPE~1\programs\pfse90.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
BCMSMMSG BCMSMMSG.exe
UpdReg C:\WINDOWS\UpdReg.EXE
mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
VSOCheckTask "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
DwlClient C:\Program Files\Common Files\Dell\EUSW\Support.exe
VirusScan Online C:\Program Files\McAfee.com\VSO\mcvsshld.exe
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
OASClnt C:\Program Files\McAfee.com\VSO\oasclnt.exe
MPFExe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
NWTRAY NWTRAY.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sonic RecordNow!
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Mozilla Quick Launch "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun _
NoCDBurning 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


™™™™™™™™™™™™™™™™™™™™™™™™ Scan Complete ™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 4/26/2006 6:24:23 AM
ksmile is offline  
Old 04-26-2006, 06:03 AM   #9
Guest
 
Join Date: Apr 2006
Posts: 13
OS:


other log files:

StartDreck (build 2.1.7 public stable) - 2006-04-26 @ 06:01:07 (GMT -05:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Kathleen at AISLING

™Registry
™Run Keys
™Current User
™Run
*Sonic RecordNow!=
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
*Mozilla Quick Launch="C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
*ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
™RunOnce
™Default User
™Run
™RunOnce
™Local Machine
™Run
*IgfxTray=C:\WINDOWS\system32\igfxtray.exe
*HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
*BCMSMMSG=BCMSMMSG.exe
*UpdReg=C:\WINDOWS\UpdReg.EXE
*mmtask=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
*VSOCheckTask="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
*MCAgentExe=c:\PROGRA~1\mcafee.com\agent\mcagent.exe
*MCUpdateExe=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
*DwlClient=C:\Program Files\Common Files\Dell\EUSW\Support.exe
*VirusScan Online=C:\Program Files\McAfee.com\VSO\mcvsshld.exe
*UpdateManager="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*OASClnt=C:\Program Files\McAfee.com\VSO\oasclnt.exe
*MPFExe=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
*gcasServ="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
*PCMService="C:\Program Files\Dell\Media Experience\PCMService.exe"
*NWTRAY=NWTRAY.EXE
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
™RunOnce
™RunServices
™RunServicesOnce
™RunOnceEx
™RunServicesOnceEx
™File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*NetscapeHTML=C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE -url "%1"
+.html
*NetscapeHTML=C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE -url "%1"
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
™Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
™Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
™Internet Explorer
™Current User
*Default_Page_URL=https://www.dell4me.com/myway
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Page=https://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=https://www.dell4me.com/myway
+SearchUrl
*provider=
™Default User
*Default_Page_URL=https://www.dell4me.com/myway
*First Home Page=https://www.dell4me.com/myway
*Start Page=https://www.dell4me.com/myway
™Local Machine
*Default_Page_URL=https://www.dell4me.com/myway
*Default_Search_URL=https://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=https://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=https://www.dell4me.com/myway
*CustomizeSearch=https://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=https://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
™ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
™Special NT Values
™Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
™Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
™Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
™Files
™Autostart Folders
™Current User
*C:\Documents and Settings\Kathleen\Start Menu\Programs\Startup\DESKTOP.INI
™Default User
™Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
™INI-Files
™WIN.INI\[windows]
*LOAD=
*RUN=
™SYSTEM.INI\[boot]
*SHELL=Explorer.exe
™Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
`%SystemRoot%\system32\vipx.exe
`%SystemRoot%\system32\vlmsup.exe
*C:\WINDOWS\wininit.ini
`[Rename]
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
™Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
™%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\TASKMAN.EXE
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\WINHLP32.EXE
*C:\WINDOWS\winhlp32.exe
™System/Drivers
™VMM32Files (LM)
™%System%\VMM32
™%System%\IOSUBSYS
™Application specific
™MS Office 97/8.0 STARTUP-PATH
™Current User
™Default User
™Local Machine
™ICQ NetDetect
™Current User
™Default User


04/26/06 06:02:35 [Info]: BlackLight Engine 1.0.36 initialized
04/26/06 06:02:35 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/26/06 06:02:35 [Note]: 7019 4
04/26/06 06:02:35 [Note]: 7005 0
04/26/06 06:03:11 [Note]: 7006 0
04/26/06 06:03:11 [Note]: 7011 244
04/26/06 06:03:12 [Note]: 7026 0
04/26/06 06:03:12 [Note]: 7026 0
04/26/06 06:03:22 [Note]: FSRAW library version 1.7.1015
04/26/06 06:09:42 [Note]: 7007 0

Some other information:

My computer overall seems to be running better except for the internet which takes 2-5 minutes to load pages if it can load them at all. Explorer crashs regularly. Something keeps trying to update when I log on (dell alerts? windows update?), but I am too scared to install what has actually made it through. I turned off all the automatic updates I can find. Is there a way to tell what is downloading--my icon in my system tray doesn't seem to let me look.

Before I posted the first time, I did plug and replug all computer cords. I changed out router wires, etc. My boyfriend's Mac on the same internet connection is running great and fast, so I don't think it's the ISP.

It will be interesting if it's a hardware problem, which is what I actually first suspected. Do you have a feel for how malicious any of the malicious things that had me were?

Thank you again for your help.
ksmile is offline  
Old 04-26-2006, 11:53 AM   #10
TSF Team, Emeritus
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


It's not necesarily a hardware problem, but it is almost definitely not a malware problem. The entries I have had you remove so far in this thread were all entries that pointed nowhere, none of them were actually malicious.

If you have an XP CD please do the following, otherwise move on to the next step:
Click Start>Run and type in sfc /scannow
This will check to make sure all protected Windows files are intact. If it finds any problems it may prompt you to insert your XP CD.

Make sure you do not need your computer for at least 12 hours before proceeding with this step. This scan may take that long and cannot be aborted. I reccomend you run it overnight. If this is not possible let me know and we will continue another way.

Click Start>Run and type in chkdsk /r
If it asks you to run chkdsk on restart please click yes, and restart your computer. This will check your hard drive for errors, and correct any minor errors it finds.

If the problem is still not solved you can try this:
Click Start>Run and type in eventvwr.msc

What we're looking for are the Errors from the System and Application viewers. You'll see something like this: Application Error...

Locate the ones with a big red X that say error. Double click to open it. Hit the Tablet (Says Copy to Clipboard if you hover mouse over it) and then CTRL+V to paste the info into the post.

Keep an eye on the dates of the errors, we don't need any that are older than about 1 week.
Vikesrock8411 is offline  
Old 04-26-2006, 06:54 PM   #11
Guest
 
Join Date: Apr 2006
Posts: 13
OS:


scans went slick, very fast, did not ask for my XP CD.

Hope these offer some light--it does seem like all my browsers hang right before the page is done loading. Sometimes I can then hit reload and the page pops up.

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 4/22/2006
Time: 10:20:50 AM
User: N/A
Computer: AISLING
Description:
Hanging application mmjb.exe, version 8.10.1.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 6d 6d 6a 62 2e 65 mmjb.e
0018: 78 65 20 38 2e 31 30 2e xe 8.10.
0020: 31 2e 36 20 69 6e 20 68 1.6 in h
0028: 75 6e 67 61 70 70 20 30 ungapp 0
0030: 2e 30 2e 30 2e 30 20 61 .0.0.0 a
0038: 74 20 6f 66 66 73 65 74 t offset
0040: 20 30 30 30 30 30 30 30 0000000
0048: 30 0


Event Type: Error
Event Source: Application Hang
Event Category: None
Event ID: 1001
Date: 4/22/2006
Time: 10:20:58 AM
User: N/A
Computer: AISLING
Description:
Fault bucket 68807044.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 36 38 38 30 37 30 34 34 68807044
0010: 0d 0a ..


Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 4/22/2006
Time: 10:21:26 AM
User: N/A
Computer: AISLING
Description:
Hanging application mmjb.exe, version 8.10.1.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 6d 6d 6a 62 2e 65 mmjb.e
0018: 78 65 20 38 2e 31 30 2e xe 8.10.
0020: 31 2e 36 20 69 6e 20 68 1.6 in h
0028: 75 6e 67 61 70 70 20 30 ungapp 0
0030: 2e 30 2e 30 2e 30 20 61 .0.0.0 a
0038: 74 20 6f 66 66 73 65 74 t offset
0040: 20 30 30 30 30 30 30 30 0000000
0048: 30 0

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 4/26/2006
Time: 5:53:35 AM
User: N/A
Computer: AISLING
Description:
Hanging application StartDreck.exe, version 2.1.0.7, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 53 74 61 72 74 44 StartD
0018: 72 65 63 6b 2e 65 78 65 reck.exe
0020: 20 32 2e 31 2e 30 2e 37 2.1.0.7
0028: 20 69 6e 20 68 75 6e 67 in hung
0030: 61 70 70 20 30 2e 30 2e app 0.0.
0038: 30 2e 30 20 61 74 20 6f 0.0 at o
0040: 66 66 73 65 74 20 30 30 ffset 00
0048: 30 30 30 30 30 30 000000

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 4/26/2006
Time: 6:50:14 AM
User: N/A
Computer: AISLING
Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.2870, fault address 0x00039ebe.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 32 31 38 30 20 00.2180
0030: 69 6e 20 75 72 6c 6d 6f in urlmo
0038: 6e 2e 64 6c 6c 20 36 2e n.dll 6.
0040: 30 2e 32 39 30 30 2e 32 0.2900.2
0048: 38 37 30 20 61 74 20 6f 870 at o
0050: 66 66 73 65 74 20 30 30 ffset 00
0058: 30 33 39 65 62 65 0d 0a 039ebe..


Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 4/26/2006
Time: 7:02:02 AM
User: N/A
Computer: AISLING
Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 69 65 78 70 6c 6f iexplo
0018: 72 65 2e 65 78 65 20 36 re.exe 6
0020: 2e 30 2e 32 39 30 30 2e .0.2900.
0028: 32 31 38 30 20 69 6e 20 2180 in
0030: 68 75 6e 67 61 70 70 20 hungapp
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 30 30 30 30 t 000000
0050: 30 30 00

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 4/26/2006
Time: 7:12:28 PM
User: N/A
Computer: AISLING
Description:
Hanging application gcasSWUpdater.exe, version 1.0.0.701, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 67 63 61 73 53 57 gcasSW
0018: 55 70 64 61 74 65 72 2e Updater.
0020: 65 78 65 20 31 2e 30 2e exe 1.0.
0028: 30 2e 37 30 31 20 69 6e 0.701 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 4/26/2006
Time: 7:12:28 PM
User: N/A
Computer: AISLING
Description:
Hanging application gcasSWUpdater.exe, version 1.0.0.701, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 67 63 61 73 53 57 gcasSW
0018: 55 70 64 61 74 65 72 2e Updater.
0020: 65 78 65 20 31 2e 30 2e exe 1.0.
0028: 30 2e 37 30 31 20 69 6e 0.701 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 4/26/2006
Time: 7:12:31 PM
User: N/A
Computer: AISLING
Description:
Hanging application gcasSWUpdater.exe, version 1.0.0.701, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 67 63 61 73 53 57 gcasSW
0018: 55 70 64 61 74 65 72 2e Updater.
0020: 65 78 65 20 31 2e 30 2e exe 1.0.
0028: 30 2e 37 30 31 20 69 6e 0.701 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000
ksmile is offline  
Old 04-27-2006, 04:16 PM   #12
TSF Team, Emeritus
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


I'd like to examine the possibility of some type of software conflict being the source of your issue.

Reboot into Safe Mode and try opening various programs. Do you experience any slowdowns or crashes?

Then try this:
  • Click Start>Run> type msconfig
  • Click the services tab
  • Click "Hide all Microsoft Services"
  • Uncheck all services not related to McAfee
  • Click the Startup Tab
  • Uncheck everything except the following:
    • mcmnhdlr
      mcagent
      mcupdate
      mcvsshld
      oasclnt
      MpfTray
      mcregwiz
  • Click OK and Reboot your computer

Now try various programs including Internet Explorer, Is it still crashing?
Vikesrock8411 is offline  
Old 04-27-2006, 08:03 PM   #13
Guest
 
Join Date: Apr 2006
Posts: 13
OS:


Thank you for continuing to help me, even though we seem to be out of the malware realm.

My computer is running much better than before (opening software fast) except for its inability to access the internet with any browser. I can get to some pages, but it takes a really long time.

Opening things did not make it crash. Changing what loads/opens at startup did not help me get on the internet any faster.

The one thing that always makes it crash is if some program wants to go update and Mcafee makes me choose whether to deny it access forever or to allow it access, so I allow it access and then try to close the program because I don't want to be hung up waiting for something like 1500 kb to take 3 hours to download. Anyway when I close the software that wants to update, it always crashes.

The only problem I am having is this internet one.

At this point, I can't go on without my own internet access and I'm ready to nuke/uninstall most of the programs on there or just do a restore or something. All I use are a few pieces of software anyway.

There are a few things that my work put on that I would not like to lose and I would if I restore (because they won't reinstall it), but I have to pick priorities and being able to be on the internet at a high speed as soon as possible is mine above all else.

Any suggestions?
ksmile is offline  
Old 04-27-2006, 08:06 PM   #14
Guest
 
Join Date: Apr 2006
Posts: 13
OS:


PS I did not find

mcregwiz

in my list of applications to leave checked with the other ones. When I rebooted, Windows put "nwtray" as one of the checked ones. Not sure if this means anything or not.
ksmile is offline  
Old 04-27-2006, 08:26 PM   #15
TSF Team, Emeritus
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


If you have not done so already, you can open Msconfig and click "Normal Startup" on the General Tab. I have a couple things you can try, then I have listed an alternative to a reformat at the very bottom.

Copy/Paste the following below into Notepad

rem Script used to manually reregister Internet Explorer and Shell related *.dlls
rem Also included the Digital Signing and Cryptographic Provider *. dlls if needed
rem rundll32.exe advpack.dll /DelNodeRunDLL32 C:\WINNT\System32\dacui.dll
rem rundll32.exe advpack.dll /DelNodeRunDLL32 C:\WINNT\Catroot\icatalog.mdb
rem regsvr32 setupwbv.dll /s
rem regsvr32 wininet.dll /s
regsvr32 comcat.dll /s
regsvr32 CSSEQCHK.DLL /s
regsvr32 shdoc401.dll /s
regsvr32 shdoc401.dll /i /s
regsvr32 asctrls.ocx /s
regsvr32 oleaut32.dll /s
regsvr32 shdocvw.dll /I /s
regsvr32 shdocvw.dll /s
regsvr32 browseui.dll /s
regsvr32 browsewm.dll /s
regsvr32 browseui.dll /I /s
regsvr32 msrating.dll /s
regsvr32 mlang.dll /s
regsvr32 hlink.dll /s
rem regsvr32 mshtml.dll /s
regsvr32 mshtmled.dll /s
regsvr32 urlmon.dll /s
regsvr32 plugin.ocx /s
regsvr32 sendmail.dll /s
rem regsvr32 comctl32.dll /i /s
rem regsvr32 inetcpl.cpl /i /s
rem regsvr32 mshtml.dll /i /s
regsvr32 scrobj.dll /s
regsvr32 mmefxe.ocx /s
rem regsvr32 proctexe.ocx mshta.exe /register /s
regsvr32 corpol.dll /s
regsvr32 jscript.dll /s
regsvr32 msxml.dll /s
regsvr32 imgutil.dll /s
regsvr32 thumbvw.dll /s
regsvr32 cryptext.dll /s
regsvr32 rsabase.dll /s
rem regsvr32 triedit.dll /s
rem regsvr32 dhtmled.ocx /s
regsvr32 inseng.dll /s
regsvr32 iesetup.dll /i /s
rem regsvr32 hmmapi.dll /s
regsvr32 cryptdlg.dll /s
regsvr32 actxprxy.dll /s
regsvr32 dispex.dll /s
regsvr32 occache.dll /s
regsvr32 occache.dll /i /s
regsvr32 iepeers.dll /s
rem regsvr32 wininet.dll /i /s
regsvr32 urlmon.dll /i /s
rem regsvr32 digest.dll /i /s
regsvr32 cdfview.dll /s
regsvr32 webcheck.dll /s
regsvr32 mobsync.dll /s
regsvr32 pngfilt.dll /s
regsvr32 licmgr10.dll /s
regsvr32 icmfilter.dll /s
regsvr32 hhctrl.ocx /s
regsvr32 inetcfg.dll /s
rem regsvr32 trialoc.dll /s
regsvr32 tdc.ocx /s
regsvr32 MSR2C.DLL /s
regsvr32 msident.dll /s
regsvr32 msieftp.dll /s
regsvr32 xmsconf.ocx /s
regsvr32 ils.dll /s
regsvr32 msoeacct.dll /s
rem regsvr32 wab32.dll /s
rem regsvr32 wabimp.dll /s
rem regsvr32 wabfind.dll /s
rem regsvr32 oemiglib.dll /s
rem regsvr32 directdb.dll /s
regsvr32 inetcomm.dll /s
rem regsvr32 msoe.dll /s
rem regsvr32 oeimport.dll /s
regsvr32 msdxm.ocx /s
regsvr32 dxmasf.dll /s
rem regsvr32 laprxy.dll /s
regsvr32 l3codecx.ax /s
regsvr32 acelpdec.ax /s
regsvr32 mpg4ds32.ax /s
regsvr32 voxmsdec.ax /s
regsvr32 danim.dll /s
regsvr32 Daxctle.ocx /s
regsvr32 lmrt.dll /s
regsvr32 datime.dll /s
regsvr32 dxtrans.dll /s
regsvr32 dxtmsft.dll /s
rem regsvr32 vgx.dll /s
regsvr32 WEBPOST.DLL /s
regsvr32 WPWIZDLL.DLL /s
regsvr32 POSTWPP.DLL /s
regsvr32 CRSWPP.DLL /s
regsvr32 FTPWPP.DLL /s
regsvr32 FPWPP.DLL /s
rem regsvr32 FLUPL.OCX /s
regsvr32 wshom.ocx /s
regsvr32 wshext.dll /s
regsvr32 vbscript.dll /s
regsvr32 scrrun.dll mstinit.exe /setup /s
regsvr32 msnsspc.dll /SspcCreateSspiReg /s
regsvr32 msapsspc.dll /SspcCreateSspiReg /s
regsvr32 licdll.dll /s
regsvr32 regwizc.dll /s
regsvr32 softpub.dll /s
regsvr32 IEDKCS32.DLL /s
regsvr32 MSTIME.DLL /s
regsvr32 WINTRUST.DLL /s
regsvr32 INITPKI.DLL /s
regsvr32 DSSENH.DLL /s
regsvr32 RSAENH.DLL /s
regsvr32 CRYPTDLG.DLL /s
regsvr32 Gpkcsp.dll /s
regsvr32 Sccbase.dll /s
regsvr32 Slbcsp.dll /s
exit


Save the file as "All Filetypes" and name it fixie.bat

Make sure IE is closed and double click on fixie.bat to run the file.

Reboot the system.

If that doesn't work download WinsockFix and extract all files. Double click on WinsockFix.exe to run it.

If you are considering a reformat anyway, I would try a repair install. This will reinstall all Windows files while leaving programs and data intact. Be warned however, that some programs may not function correctly.

You can find instructions for a repair install here
Vikesrock8411 is offline  
Old 04-28-2006, 04:39 PM   #16
Guest
 
Join Date: Apr 2006
Posts: 13
OS:


Hello, I have done everything but the winsock fix. When I try to use the backup utility which it says to do, it gives an error in each file it tries to save. Is it okay to just do "fix" or is there some other way to back up the registry?

I also tried replugging and changing out all the wires again, etc. Called ISP. Rebooted modem. Still no luck whatsoever and Mcafee is really mad at me that it can't update, so it's not working anymore because I can't log on to verify who I am or download because I can't load webpages. It's been a nightmare.

Once I run winsock fix, is the repair the logical next step. What if that doesn't work either? New computer?
ksmile is offline  
Old 04-28-2006, 06:39 PM   #17
Guest
 
Join Date: Apr 2006
Posts: 13
OS:


Finally some success!

I went online using the dial up modem and all the pages loaded fairly quickly (50.6 kbps which is over ten times what I get with the high speed connection) and completely (which I don't get at all with the high speed.) Is it logical to think that something is wrong with the ethernet in my computer?

Is there a way to change out the original manufactured ethernet device that is glued to the mother board and have the computer recognize it? I mean, could I just put a third party ethernet card in some open slot? I realize I could ask Dell this also. But, if you can tell me, that would help.

My computer is doing great overall, and I'm delighted that getting all the garbage off it made it run faster, so I don't think this all you helped me with is for naught. Still, it would be great to get the original problem fixed.

Thanks and happy Friday to you.
ksmile is offline  
Old 04-28-2006, 09:07 PM   #18
TSF Team, Emeritus
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


It would indeed be logical to think that something is wrong with the Ethernet on your motherboard.

Depending on how desperate you are to get back on the Internet you may want to check out our Networking Forum. If the problem can be solved by reinstalling drivers or something similar you may not have to purchase a new NIC card.

It is possible to install a third party Ethernet card in an open PCI slot. Again if you have time, the networking forum may be far more helpful.

Glad to hear that you are getting somewhere at least!
Vikesrock8411 is offline  
Old 04-28-2006, 09:47 PM   #19
Guest
 
Join Date: Apr 2006
Posts: 13
OS:


Did update driver, to no avail, so I have the new card ready to drop in the slot in the a.m. Right now I am running all my virus and spyware checkers again. Do you think you could give me the closing speech anyway, even though I didn't really have malware? I was running Mcafee, ad-aware and Microsoft antispyware (which I just updated to defender), and I have now added in spybot. Is there something else I should be doing? Maintenance things on windows files?

I think that probably what happened is that I had lots of clutter on my computer combined with things trying to connect to the internet to update which made for lots of crashing and more crud to gum up the system. Then I didn't close the Mcafee checker when I ran trendmicro's so thought that I had a trojan. Reading this forum and thinking I had malware all week scared me enough to make sure I am super careful in the future.

I am grateful to you for all the help you gave me, and for trying and trying all different approaches to help me. I learned so much this week. I will write you after the card goes in. I'm pretty sure I am back up--not a moment too soon. I don't think my relationship could take more than a week of computer sharing.


THANK YOU THANK YOU THANK YOU. Happy computer trails.
ksmile is offline  
Old 04-29-2006, 06:26 AM   #20
TSF Team, Emeritus
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Setting a new Restore Point
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.
  • Tick the checkbox - Turn off System Restore on all drives
  • Click Apply
  • Turn it back 'On' by unticking the same checkbox & click OK

Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Sunbelt Kerio Personal Firewall

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap there are many pieces of malware that is caught by one of these and not the other, therefore it is recommended you use both to compliment each other. Spybot also contains two other useful pieces. The first is "Immunize", this helps protect your computer against known exploits. The second is "TeaTimer", with this feature enabled you will receive notifications of all changes to the registry such as programs adding themselves to start-up and you default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources, run it once and you're all set. Spyware Guard Is a realtime protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less suceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
Vikesrock8411 is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 08:22 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts