1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

somebody mention securityuptodate ?

Discussion in 'Malware and Virus Removal Archive' started by yelsel, 2006/05/09.

  1. 2006/05/09
    yelsel

    yelsel Inactive Thread Starter

    Joined:
    2006/05/08
    Messages:
    10
    Likes Received:
    0
    Yesterday I was tearing my hair out. Spent hours and hours (and pounds and pounds, of which more later) and seemed to have got nowhere. Was asking everyone and emailed Pete C who kindly replied asking me to start a thread and told me how to do it, so here goes.

    First, I got rid of securityuptodate I think or at least in part. The clearest symptom of my problem was the highjacking of my home page, so that Google was instantly overwritten by security up to date.I followed as exactly as I could the instructions, eleven pages of them, from BleepingComputer.com. After rebooting still had the problem. That was when I got in touch with you guys. Then I want to bed.

    However when I turned on the computer this morning, Google was back as if by magic. Hooray. But things are not as they were. I'm very much in the throws of post virus infection stress syndrome.

    1) There are some nasty icons on my desktop and i don't know if I can just delete them. they were put there by securityup to date and are
    a)mediacodec, a green diamond
    b)on-line security guide, blue shield with exclamation mark, a shortcut
    c)security troubleshooter, green shield with tick, a shortcut

    Could you tell me how to get rid of them safely?

    2) I feel anxious about doing any of the things I normally do, eg buy stuff on-line, check my bank balance etc I am also anxious about emailing anyone in case I infect them. I seek reassurance.

    3) I can no longer play my favourite Yahoo game, Literati. Help!

    I've never posted before and suspect I'm going on too much but there is a different and related problem. It might be helpful if I tell you of my experience.

    As I have Mcafee virus protection my first thought was to ask them for help . I paid £20.00 for a gold chat with a technician. Having described the problem, the technician said that it sounded like I had spyware and he would send me an email telling me what to do. The email directed me to Ad-Aware andSpyBot.
    As it happens I went to "SpyBot" first. It claimed to be free. I followed the instructions and Spybot told me it had found a large number of critical nasties. Get rid of them said I. At this point "SpyBot" said I would have to pay for the full service. Gradually, three screens later I had purchased $48 worth. I suspect now that it wasn't the real SpyBot but I was so naive (which is why I got into this predicament in the first place.) Having run the full program, I found I still had the problem. I have a shortcut icon for SpyBot on my desktop. It is a red circle with fuzzy white edges and a fuzzy white B in the middle. Does anyone know if this is the genuine article? I am worried that it's super- duper spyware itself.

    Thanks everyone, but especially Pete C for your help.
     
    yelsel,
    #1
  2. 2006/05/09
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    yelsel - Welcome to the Board :)

    I will endeavour to assist you in cleaning up your computer, but before we start Ad-Aware SE and Spybot Search and Destroy are both free, and both remove adware, etc without payment. You may have been duped - there are rogue programs with very similar names.

    Ad-Aware SE - http://www.lavasoft.de/software/adaware/

    Spybot S & D - http://www.safer-networking.org/en/index.html

    Their desktop icons are shown in the screenshot.

    This cleaning process may take some time and will not be completed tonight :) I like my sleep as much as anyone else.

    First priority - uninstall what you believe to be Ad-Aware and Spybot through Control Panel > Add/Remove Programs.

    Download, install and run the trial version of Ewido. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu ".

    Boot into Safe Mode and run Ewido - full system scan and save the report. Boot into normal mode and post the report here (copy and paste into a new post in this thread).

    Then download HijackThis through Quicklinks in my signature and save it to a folder on your hard drive, say C:\HJT.

    Boot into Safe Mode and scan with HJT - Do a System Scan and save a log file'.

    Reboot into normal mode and post the report here - you will find it in the same folder as hijackthis.exe.

    Then please wait for further instructions.
     
    PeteC,
    #2


  3. to hide this advert.

  4. 2006/05/10
    yelsel

    yelsel Inactive Thread Starter

    Joined:
    2006/05/08
    Messages:
    10
    Likes Received:
    0
    ewido scan results 1 and 2 (part 1)

    Thank you Pete for your directions .

    I've just tried to post my reply but it won't fit into one posting. Three should cover it !
    After surmounting various challenges eg how to boot in safe mode and worse, but blindingly obvious once I found out, how to get out of safe mode ( I know this really is pathetic) I have a log to send you. In fact 2 logs because I couldn't find the first one and thought I hadn't saved it, so I scanned again.
    You might as well have both since they are different. Next challenge is the Hijack step.........



    FIRST REPORT

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:18:46, 10/05/2006
    + Report-Checksum: 6EC0BEC

    + Scan result:

    HKU\S-1-5-21-3962937336-782189750-1497286466-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} -> Adware.SecureServicePack : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.94:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.107:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.108:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.128:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
    :mozilla.139:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.148:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.151:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.152:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.153:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.154:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.155:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Elinor\Application Data\Mozilla\Firefox\Profiles\dlgkz46u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Elinor\Cookies\elinor@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Elinor\Cookies\elinor@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Elinor\Cookies\elinor@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Elinor\Cookies\elinor@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Documents and Settings\Esther\Cookies\esther@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Esther\Cookies\esther@a.tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Esther\Cookies\esther@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Esther\Cookies\esther@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Esther\Cookies\esther@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Esther\Cookies\esther@e-2dj6wjliqmajaeq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Esther\Cookies\esther@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Esther\Cookies\esther@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Esther\Cookies\esther@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Documents and Settings\Esther\Cookies\esther@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.86:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.117:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.118:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.133:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.134:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.135:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.146:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
    :mozilla.155:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.158:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.159:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.160:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.161:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.163:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.164:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.170:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.171:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.173:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.177:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.178:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.183:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.184:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
     
    yelsel,
    #3
  5. 2006/05/10
    yelsel

    yelsel Inactive Thread Starter

    Joined:
    2006/05/08
    Messages:
    10
    Likes Received:
    0
    ewido scan part 2 of 3

    :mozilla.187:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.190:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.282:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.283:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.284:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.285:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.286:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.287:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.668:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.674:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.675:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.677:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.678:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.703:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.720:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.721:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.722:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.723:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.724:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.725:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.726:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.727:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.728:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.729:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.730:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.732:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.765:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
    :mozilla.766:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
    :mozilla.770:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.792:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.793:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.816:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.838:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.852:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
    :mozilla.854:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.855:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.867:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.876:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.905:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@a-1shz2prbmdj6wvny-1sez2pra2dj6wjlyuic5ahpa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@a-1shz2prbmdj6wvny-1sez2pra2dj6wjmycld5wcog-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1jcjakqqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@ads47.hyperbanner[1].txt -> TrackingCookie.Hyperbanner : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@ads49.hyperbanner[1].txt -> TrackingCookie.Hyperbanner : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfk4skczceq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfkoalcpido.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfkoepczicp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfkoghdjsap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfkokkajakq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfkoqpdpgbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfkoujc5wbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfkyaocjcfp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfkyohajcao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfkyojcjwao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfliokc5wkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfliqhcjmao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfmiqgcpwbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfmiwnazidp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wfmyklazsap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wgk4goczkkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wgkiemdpgcq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wgkishdjahp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wgkogidzsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wgliajdjalo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjk4cld5kao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjk4kkdjggo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjk4koazwap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjk4qhajgao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjkoghdzglo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjkoqoajklp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjkoumdjsgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjkycndpsgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjkysjczeko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjkysjczwhq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjl4gmc5ebp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjliqhajabq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjliwoajcko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjloapczghp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjlooicjafo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-
     
    yelsel,
    #4
  6. 2006/05/10
    yelsel

    yelsel Inactive Thread Starter

    Joined:
    2006/05/08
    Messages:
    10
    Likes Received:
    0
    ewido scan part 3 of hopefully 3, but maybe need part 4

    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjlospcpkeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjlykhazeeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjlysgcpwdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjmigjczikq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjmyuhd5cho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjmywhc5gep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjnyenc5adp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjnysmajofq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@e-2dj6wjnysmczogp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@meetupcom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@sento.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@service.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@vitacost.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@y-1shz2prbmdj6wvny-1sez2pra2dj6wfliomcpcgogudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4gncpkdpwidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4olcpacowudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoukajiaoaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlieldzeboqmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliqodzicqaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloqkc5oloq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyuoczgaqaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyehczkkow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
    C:\Documents and Settings\Lesley\My Documents\Downloads\gozilla.exe -> Adware.Aureate : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\o7sbna68.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@217.73.66[1].txt -> TrackingCookie.217.73.66.16 : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@ds.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@e-2dj6wfk4cmcjkco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@e-2dj6wfkyqhc5ido.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@e-2dj6wjk4coczkko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@e-2dj6wjliekd5mlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@e-2dj6wjlyegc5afp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@e-2dj6wjmiohc5mcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@e-2dj6wjmiqodjoaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@oxcash[2].txt -> TrackingCookie.Oxcash : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkocidpgapaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mike\Cookies\mike@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycndpmboq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10004.qit -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10008.qit -> TrackingCookie.Specificpop : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10018.qit -> TrackingCookie.Smartadserver : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10020.qit -> TrackingCookie.Adserver : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10022.qit -> TrackingCookie.Counted : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10023.qit -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10024.qit -> TrackingCookie.Sexcounter : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10025.qit -> TrackingCookie.Sexlist : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10026.qit -> TrackingCookie.Sextracker : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10027.qit -> TrackingCookie.Sextracker : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10028.qit -> TrackingCookie.Sextracker : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10029.qit -> TrackingCookie.Sextracker : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10030.qit -> TrackingCookie.Sextracker : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10031.qit -> TrackingCookie.Sextracker : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10032.qit -> TrackingCookie.Spylog : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10036.qit -> TrackingCookie.Zedo : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10037.qit -> TrackingCookie.Zedo : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10038.qit -> TrackingCookie.Zedo : Cleaned with backup
    C:\Program Files\SpywareBot\Quarantine\08-05-2006-18-05-57\10039.qit -> TrackingCookie.Zedo : Cleaned with backup


    ::Report End


    SECOND REPORT



    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 13:18:00, 10/05/2006
    + Report-Checksum: C19E9A30

    + Scan result:

    :mozilla.5:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.106:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.134:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.139:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.141:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.612:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.617:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.618:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.642:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.659:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.691:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
    :mozilla.694:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.715:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.737:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.758:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.771:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
    :mozilla.772:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.783:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.791:C:\Documents and Settings\Lesley\Application Data\Mozilla\Firefox\Profiles\25qesppp.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\Lesley\Cookies\lesley@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup


    ::Report End
     
    yelsel,
    #5
  7. 2006/05/10
    yelsel

    yelsel Inactive Thread Starter

    Joined:
    2006/05/08
    Messages:
    10
    Likes Received:
    0
    hijack log

    This was easy! I hope I've done the right thing.

    Logfile of HijackThis v1.99.1
    Scan saved at 14:56:42, on 10/05/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp52FB.tmp (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MagicKey.lnk = C:\Program Files\MagicKey\MagicKey.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtn_x.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\Resources\IntraLaunch.CAB
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
     
    yelsel,
    #6
  8. 2006/05/10
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I cannot believe the number of tracking cookies that Ewido cleaned out especially as you have Windows Defender loaded which should have taken care of those - if it is set up correctly - remind me to go through that when we finish the present task.

    You are still infected with securityuptodate.com .....

    Download SmitfraudFix - smitfraudfix.zip by clicking on this link - this is a compressed file and the contents must be extracted to a folder on your Desktop.

    As you are running XP and will be using the Extraction Wizard.

    Right click on the zip file and click on Extract all.

    The Extraction Wizard opens > click on next > Select a Destination > click on Browse > click on Desktop > click on OK > click on next and the files will be extracted. A Window will open showing the contents of your Desktop - close it and go to the Desktop and you should see a new folder on it - SmitfraudFix.

    Open the SmitfraudFix folder again and double click on Smitfraudfix.cmd

    If a Security Warning pops up hit the Run button

    A command window appears > press any key to continue

    On the line with the flashing cursor 'Enter your choice (1.2 ....) type 1 and press Enter

    The program scans your system and when the scan has completed a Notepad window opens containing the scan report.

    Select Edit from the menu bar then Select All from the dropdown menu - the text is highlighted in blue

    Select Edit from the menu bar then Copy

    Return to your thread here and hit Reply and right click on the white area of the message pane and select Paste from the menu which appears. The report will be pasted into your reply.
     
    PeteC,
    #7
  9. 2006/05/10
    yelsel

    yelsel Inactive Thread Starter

    Joined:
    2006/05/08
    Messages:
    10
    Likes Received:
    0
    smitfraudx

    Thank you so much Pete for your help thus far.

    Below is the Smitfraudfix file. If you could tell me in a few words, how do you know that I'm still infected? Don't worry if it's too complicated. I'm very grateful for the amount of time you've spent on me already.








    SmitFraudFix v2.42

    Scan done at 20:22:44.51, 10/05/2006
    Run from C:\Documents and Settings\Lesley\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\atmclk.exe FOUND !
    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lesley\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Lesley\FAVORI~1

    C:\DOCUME~1\Lesley\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "http://www.robbiewilliams-info.com/images/wpspecialapril2003_480.jpg "
    "SubscribedURL "= "http://www.robbiewilliams-info.com/images/wpspecialapril2003_480.jpg "
    "FriendlyName "=" "

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source "= "http://www.robbiewilliams-info.com/images/greatesthitsbig_480.jpg "
    "SubscribedURL "= "http://www.robbiewilliams-info.com/images/greatesthitsbig_480.jpg "
    "FriendlyName "=" "
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
    yelsel,
    #8
  10. 2006/05/10
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    This line is the clue - the fix was not complete ....

    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp52FB.tmp (file missing)

    confirmed by the Smitfraud log you just posted ....
    The next stage .....

    You may like to print out these instructions as you will be unable to connect to the Internet to read them while in Safe Mode.

    Boot into Safe Mode and log onto your usual account.
    In Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ? "; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter ".

    The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process - a copy of this file is saved as C:\rapport.txt.

    Reboot into Safe Mode, scan with HJT, reboot into Normal Mode and post the HJT log and the contents of the SmitfraudFix log located at C:\rapport.txt into this thread.
     
    PeteC,
    #9
  11. 2006/05/10
    yelsel

    yelsel Inactive Thread Starter

    Joined:
    2006/05/08
    Messages:
    10
    Likes Received:
    0
    I hope this looks better.......

    A couple of little things
    1) I used MSCONFIG and SAFEBOOT to get into safe mode. Hope that is the same thing
    2) HJT kept telling me to put it somewhere less fragile than a temp file even although I had done exactly as you said and put it in C:\ HJT

    Again many many thanks



    SmitFraudFix v2.42

    Scan done at 23:32:31.71, 10/05/2006
    Run from C:\Documents and Settings\Lesley\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\ld????.tmp Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\regperf.exe Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\ts.ico Deleted
    C:\DOCUME~1\Lesley\FAVORI~1\Antivirus Test Online.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» End






    Logfile of HijackThis v1.99.1
    Scan saved at 23:51:07, on 10/05/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
    C:\Program Files\Skype\Phone\Skype.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\MagicKey\MagicKey.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MagicKey\OSD.EXE
    C:\Program Files\MagicKey\MulMouse.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\HJT.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MagicKey.lnk = C:\Program Files\MagicKey\MagicKey.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtn_x.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\Resources\IntraLaunch.CAB
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
     
    yelsel,
    #10
  12. 2006/05/11
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Msconfig > Safeboot is the same as the F8 procedure - I have not heard of that warning from HJT before, but C:\HJT is fine.

    Your system looks to be clean - have the problems you were experiencing disappeared?

    As a final check run an online virus scan at Housecall - accessible through Quicklinks in my signature.

    On last thing to do ....

    Turn off System Restore, reboot and turn System Restore back on. A number of your restore points will almost certainly contain the infections which you would not want to restore :) Turning off System Restore deletes the restore points.

    With regard to Windows Defender the default automatic scanning time - as I recall - I am using another similar app. on my desktop so cannot check without firing up the laptop which has Defender installed - is 2 am. Why, I don't know. Too many apps work on the basis that computers are never turned off - not usually appropriate to home systems or laptops.

    I guess your computer has never been scanned with Defender so open it up and set the autoscan time to something more appropriate to your usage - and run a manual scan anyway.
     
    PeteC,
    #11
  13. 2006/05/11
    yelsel

    yelsel Inactive Thread Starter

    Joined:
    2006/05/08
    Messages:
    10
    Likes Received:
    0
    Your system looks to be clean - have the problems you were experiencing disappeared?
    The most important thing is that the system looks clean to your eyes.:)

    A couple of strange things happened last night after SmitFraudfix - my internet home page switched to MSN and my background picture ( a beautiful brolga) disappeared entirely. However there was no problem changing to what I wanted, and since then there has been no change.

    I still have the three dodgy icons mentioned in my first posting, sitting on the desk top, although two of them have been stripped of their original icon and have a generic white and blue icon instead. I'd love to get rid of them especially the mediacodec one. Is right click + delete OK, or is it too easy? Also, I got rid of the AD-Aware, which was probably genuine and the Bogus Spy-Bot through remove programs but I still have the dodgy Bot Setup icon on the desktop.

    As a final check run an online virus scan at Housecall - accessible through Quicklinks in my signature.
    I couldn't get HOusecall to work. It stuck on one kernel, so I tried the other and it got stuck there too. However, the good news is thatI realised why my favourite computer games weren't working. I no longer seemed to have a functioning version of Java. I downloaded it when prompted by Housecall and gave the games a try - they work. Actually, it was kind of nice not to have them!

    On last thing to do ....

    Turn off System Restore, reboot and turn System Restore back on. A number of your restore points will almost certainly contain the infections which you would not want to restore :) Turning off System Restore deletes the restore points.
    OK. Done that.

    With regard to Windows Defender the default automatic scanning time - as I recall - I am using another similar app. on my desktop so cannot check without firing up the laptop which has Defender installed - is 2 am. Why, I don't know. Too many apps work on the basis that computers are never turned off - not usually appropriate to home systems or laptops.

    I guess your computer has never been scanned with Defender so open it up and set the autoscan time to something more appropriate to your usage - and run a manual scan anyway.

    You were right about the 2 am scan - my computer is seldom on then so I've rescheduled. Actually though, I only downloaded defender this week during the panic and I ran it then. It came up with loads of stuff but I suppose I got reinfected. I ran it again just now and it said my system is working normally.

    Better than normally actually, I hadn't realised how sluggish it had become....it's much crisper now.

    So Pete C, we are very nearly at the end and I am so grateful for all your help. I wish there was a new way of saying thank you.
     
    yelsel,
    #12
  14. 2006/05/11
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    PeteC,
    #13
  15. 2006/05/11
    yelsel

    yelsel Inactive Thread Starter

    Joined:
    2006/05/08
    Messages:
    10
    Likes Received:
    0
    Read it. Very useful. Acted on it myself and emailed the link to my nearest and dearest. :)
    Thanks again.
     
    yelsel,
    #14

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...