aghoffmann

Posts posted by aghoffmann

  1. I have a number of issues that have recently cropped up with my PC. Most seem to be associated with when Outlook started acting up. When I click to open Outlook it will more times than not display the splash screen, then start to open. The main screen opens and tool bars will open, and usually the Folder List will open, but the email window remains blank and Outlook locks up. I will leave the machine and come back in an hour or so and the hour glass is still there and the program is still locked up. I then open task manager and shut it down. The next time it opens it gives the option to open in Safe Mode, which I do.

    Also, when Outlook does work and closes properly, it leaves a "ghost" of part of its task bar. I have dual monitors. I always have Outlook open in the right monitor, but the ghost appears in the upper left corner of the left monitor. Attached is a screen capture of the ghost.

    I have cleared the deleted files, archived, and compacted the file, but still get the same behavior. Any thoughts?

    Along with the Outlook issue, my PC (Windows XP 3) has slowed down significantly. I have "cleaned" the PC and I defragment regularly. I use the purchased version of AVG and have Spy-bot resident operating. I recently ran A2-free and it did find one Trojan, which I quarantined, but it had no effect on the PC's performance.

    Perhaps this should be a different topic, but I'll ask it here. Are there any Driver updating programs you recommend? I installed "Driver Robot". I used it to scan and it found outdated drivers, but I haven't made any changes with it yet. Could this be messing with my machine? Also, I see many "Registry cleaners" out there. I've never used or even downloaded any, but I wonder what your thoughts are about those types of programs or if you can recommend any.


  2. Many of the sites I visit on the internet require a log-in Username and password, and lots of sites require additional form fields to be filled in. When I log on to these sites and click in a form field I usually get a drop down list of things I have entered in that field in the past. As time goes by the list gets longer primarily because of my bad typing.

    Is there a way to edit these entries? I suspect that there is a file that the browser uses to store these... and likely cookies may be involved.

    How can I go about editing the bad entries in these files?

  3. I periodically get a flurry of "Mail Delivery System" errors. I just sat down and checked my email after checking it only about 3 hours ago and had over 60 emails with some variation of the Returned mail / failure notice / Undeliverable mail / etc. This has occurred to me several times in the past. It seems I'll get a series of these, then nothing for a few months.

    When I look at the emails it appears that emails were sent using my email address. In other words it appears that my email was "hijacked". The returned "Mail Delivery System" emails appear to be from all over the world.

    I sent a HijackThis log to the malware forum the last time this happened a few months ago and had a "clean" machine. They recommended I contact the PC forum.

    Any idea why I would get these? I have saved the emails this round. Would any information from them be helpful in figuring this out?

    Thanks,

    Andy

  4. Hi Chuck,

    Thanks for the fast response. I'm glad the log looks clean.

    How do I confirm the restrictions you suggest below?

    Thanks,

    Andy

    Howdy Andy, your log looks clean of infections. I don't know why you are having email problems. Try posting the problem in the PC Support section here at BesTechie.

    Please confirm that you have put the following restrictions / controlled options yourself as an administrator:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Thanks

    Chuck

  5. I checked my email this morning and had over 600 "Mail Delivery System" type error messages. I've checked through the day and I'm still receiving them. The "From" and "Subject" lines vary in wording, but all indicate that a mail server somewhere is rejecting mail sent from me. Could I have some sort of Malware that is sending SPAM or worse from my machine? I have an up-to-date version of AVG 7.5 running on my machine and I also ran it this morning after I detected the problem. It only found a few tracking cookies.

    Here's the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:11:53 PM, on 6/3/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Ahead\InCD\InCDsrv.exe

    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    c:\program files\a-squared free\a2service.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

    C:\CFusionMX\runtime\bin\jrunsvc.exe

    C:\CFusionMX\db\slserver52\bin\swagent.exe

    C:\CFusionMX\runtime\bin\jrun.exe

    C:\CFusionMX\db\slserver52\bin\swstrtr.exe

    C:\CFusionMX\db\slserver52\bin\swsoc.exe

    C:\WINDOWS\System32\inetsrv\inetinfo.exe

    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe

    C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe

    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

    C:\Program Files\Ahead\InCD\InCD.exe

    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\System32\fxredir.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

    C:\Program Files\Microsoft IntelliPoint\point32.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\WINDOWS\system32\WService.EXE

    C:\WINDOWS\StartupMonitor.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\Program Files\Pure Networks\Network Magic\nmapp.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Program Files\SpywareGuard\sgmain.exe

    C:\Program Files\SpywareGuard\sgbhp.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\dllhost.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE

    C:\WINDOWS\system32\inetsrv\DavCData.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

    C:\WINDOWS\explorer.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://andy/HoffmannPages/local.htm

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [WService] WService.EXE

    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: autosetupwizard.lnk = ?

    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b0e95273d9624c4fb9c5f87ea50a6d3

    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b0e95273d9624c4fb9c5f87ea50a6d3

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://secure.photofinale.com/ImageUploade...geUploader3.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe

    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe

    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe

    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --

    End of file - 14330 bytes

  6. I have a Sapphire Radeon 9600SE Edition 128MB graphics card running dual monitors. The two monitors are an old 17" Sony Trinitron and a Nokis 447L. The Sony monitor is dying (yellow color and cuts out frequently). I'd like to replace the Sony with a 20" flatscreen LCD monitor. All the flat screens I've looked at use a resolution of 1680x1050 (which I think is the HxW ratio of HDTV). The Sapphire card doesn't support the 1680x1050 resolution. Is there a driver update that would help, or am I destined to get a new graphics card too?

  7. Attached is a new HijackThis log

    Hmmm... attachment didn't seem to work, so I've cut and pasted it below

    Thanks a lot

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    Logfile of HijackThis v1.99.1

    Scan saved at 9:26:27 AM, on 1/3/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Ahead\InCD\InCDsrv.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\CFusionMX\runtime\bin\jrunsvc.exe

    C:\CFusionMX\db\slserver52\bin\swagent.exe

    C:\CFusionMX\runtime\bin\jrun.exe

    C:\CFusionMX\db\slserver52\bin\swstrtr.exe

    C:\CFusionMX\db\slserver52\bin\swsoc.exe

    C:\WINDOWS\System32\inetsrv\inetinfo.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe

    C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\Ahead\InCD\InCD.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\System32\fxredir.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\Program Files\Microsoft IntelliPoint\point32.exe

    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\system32\WService.EXE

    C:\WINDOWS\StartupMonitor.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Program Files\SpywareGuard\sgmain.exe

    C:\Program Files\SpywareGuard\sgbhp.exe

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\WINDOWS\System32\dllhost.exe

    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

    C:\WINDOWS\explorer.exe

    C:\HijackThis\HijackThis.exe

    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://andy/HoffmannPages/local.htm

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

    O4 - HKLM\..\Run: [WService] WService.EXE

    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b0e95273d9624c4fb9c5f87ea50a6d3

    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b0e95273d9624c4fb9c5f87ea50a6d3

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

  8. Here is the new AVG log

    Thanks

    ~~~~~~~~~~~~~~~~~~~~~~~~

    ---------------------------------------------------------

    AVG Anti-Spyware - Scan Report

    ---------------------------------------------------------

    + Created at: 1:11:32 PM 1/2/2007

    + Scan result:

    C:\Documents and Settings\aghoffmann\My Documents\WorkNetworkFiles\ANewSwitch\CopyOfMyDocs\desktop\holdfile\site managers\CrystalSiteUpdater\csu100.exe -> Backdoor.NetSpy : Cleaned.

    C:\Documents and Settings\aghoffmann\My Documents\WorkOldP100\desktop\holdfile\site managers\CrystalSiteUpdater\csu100.exe -> Backdoor.NetSpy : Cleaned.


    :mozilla.125:C:\RECYCLER\NPROTECT\00070147.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.125:C:\RECYCLER\NPROTECT\00070207.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.125:C:\RECYCLER\NPROTECT\00070346.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.126:C:\RECYCLER\NPROTECT\00069868.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.126:C:\RECYCLER\NPROTECT\00069869.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.126:C:\RECYCLER\NPROTECT\00070147.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.126:C:\RECYCLER\NPROTECT\00070207.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.126:C:\RECYCLER\NPROTECT\00070346.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.127:C:\RECYCLER\NPROTECT\00069868.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.127:C:\RECYCLER\NPROTECT\00069869.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.127:C:\RECYCLER\NPROTECT\00070147.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.127:C:\RECYCLER\NPROTECT\00070207.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.127:C:\RECYCLER\NPROTECT\00070346.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.152:C:\RECYCLER\NPROTECT\00070347.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.153:C:\RECYCLER\NPROTECT\00070347.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.153:C:\RECYCLER\NPROTECT\00070362.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.153:C:\RECYCLER\NPROTECT\00070365.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.154:C:\RECYCLER\NPROTECT\00070347.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.154:C:\RECYCLER\NPROTECT\00070362.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.154:C:\RECYCLER\NPROTECT\00070365.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.155:C:\RECYCLER\NPROTECT\00070347.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.155:C:\RECYCLER\NPROTECT\00070362.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.155:C:\RECYCLER\NPROTECT\00070365.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.156:C:\RECYCLER\NPROTECT\00070347.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.156:C:\RECYCLER\NPROTECT\00070362.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.156:C:\RECYCLER\NPROTECT\00070365.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.157:C:\RECYCLER\NPROTECT\00070362.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.157:C:\RECYCLER\NPROTECT\00070365.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.15:C:\RECYCLER\NPROTECT\00071487.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.15:C:\RECYCLER\NPROTECT\00071512.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.16:C:\RECYCLER\NPROTECT\00071487.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.16:C:\RECYCLER\NPROTECT\00071512.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.17:C:\RECYCLER\NPROTECT\00071487.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.17:C:\RECYCLER\NPROTECT\00071512.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.19:C:\RECYCLER\NPROTECT\00069738.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.21:C:\RECYCLER\NPROTECT\00069738.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.22:C:\RECYCLER\NPROTECT\00069738.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.22:C:\RECYCLER\NPROTECT\00069739.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.23:C:\RECYCLER\NPROTECT\00069739.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.24:C:\RECYCLER\NPROTECT\00069739.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.25:C:\RECYCLER\NPROTECT\00069738.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.25:C:\RECYCLER\NPROTECT\00069739.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.26:C:\RECYCLER\NPROTECT\00069738.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.26:C:\RECYCLER\NPROTECT\00069739.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.28:C:\RECYCLER\NPROTECT\00069740.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.29:C:\RECYCLER\NPROTECT\00069740.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.30:C:\RECYCLER\NPROTECT\00069740.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.31:C:\RECYCLER\NPROTECT\00069740.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.32:C:\RECYCLER\NPROTECT\00069740.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.32:C:\RECYCLER\NPROTECT\00071519.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.33:C:\RECYCLER\NPROTECT\00071461.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.33:C:\RECYCLER\NPROTECT\00071462.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.33:C:\RECYCLER\NPROTECT\00071519.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.34:C:\RECYCLER\NPROTECT\00069742.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.34:C:\RECYCLER\NPROTECT\00071511.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.34:C:\RECYCLER\NPROTECT\00071519.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.35:C:\RECYCLER\NPROTECT\00069742.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.35:C:\RECYCLER\NPROTECT\00071519.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.36:C:\RECYCLER\NPROTECT\00069742.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.36:C:\RECYCLER\NPROTECT\00071461.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.36:C:\RECYCLER\NPROTECT\00071462.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.37:C:\RECYCLER\NPROTECT\00069742.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.37:C:\RECYCLER\NPROTECT\00070366.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.37:C:\RECYCLER\NPROTECT\00070381.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.37:C:\RECYCLER\NPROTECT\00070383.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.37:C:\RECYCLER\NPROTECT\00070385.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.37:C:\RECYCLER\NPROTECT\00070386.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.37:C:\RECYCLER\NPROTECT\00070387.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.37:C:\RECYCLER\NPROTECT\00070388.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.37:C:\RECYCLER\NPROTECT\00070389.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.38:C:\RECYCLER\NPROTECT\00069742.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.38:C:\RECYCLER\NPROTECT\00070366.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.38:C:\RECYCLER\NPROTECT\00070381.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.38:C:\RECYCLER\NPROTECT\00070383.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.38:C:\RECYCLER\NPROTECT\00070385.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.38:C:\RECYCLER\NPROTECT\00070386.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.38:C:\RECYCLER\NPROTECT\00070387.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.38:C:\RECYCLER\NPROTECT\00070388.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.38:C:\RECYCLER\NPROTECT\00070389.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.39:C:\RECYCLER\NPROTECT\00070366.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.39:C:\RECYCLER\NPROTECT\00070381.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.39:C:\RECYCLER\NPROTECT\00070383.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.39:C:\RECYCLER\NPROTECT\00070385.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.39:C:\RECYCLER\NPROTECT\00070386.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.39:C:\RECYCLER\NPROTECT\00070387.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.39:C:\RECYCLER\NPROTECT\00070388.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.39:C:\RECYCLER\NPROTECT\00070389.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.39:C:\RECYCLER\NPROTECT\00071461.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.39:C:\RECYCLER\NPROTECT\00071462.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.40:C:\RECYCLER\NPROTECT\00070366.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.40:C:\RECYCLER\NPROTECT\00070381.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.40:C:\RECYCLER\NPROTECT\00070383.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.40:C:\RECYCLER\NPROTECT\00070385.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.40:C:\RECYCLER\NPROTECT\00070386.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.40:C:\RECYCLER\NPROTECT\00070387.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.40:C:\RECYCLER\NPROTECT\00070388.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.40:C:\RECYCLER\NPROTECT\00070389.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.40:C:\RECYCLER\NPROTECT\00071461.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.40:C:\RECYCLER\NPROTECT\00071462.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.41:C:\RECYCLER\NPROTECT\00070366.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.41:C:\RECYCLER\NPROTECT\00070381.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.41:C:\RECYCLER\NPROTECT\00070383.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.41:C:\RECYCLER\NPROTECT\00070385.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.41:C:\RECYCLER\NPROTECT\00070386.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.41:C:\RECYCLER\NPROTECT\00070387.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.41:C:\RECYCLER\NPROTECT\00070388.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.41:C:\RECYCLER\NPROTECT\00070389.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.42:C:\RECYCLER\NPROTECT\00071461.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.42:C:\RECYCLER\NPROTECT\00071462.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.48:C:\RECYCLER\NPROTECT\00069743.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.49:C:\RECYCLER\NPROTECT\00069743.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.49:C:\RECYCLER\NPROTECT\00071488.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.49:C:\RECYCLER\NPROTECT\00071490.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.49:C:\RECYCLER\NPROTECT\00071493.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.49:C:\RECYCLER\NPROTECT\00071494.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.49:C:\RECYCLER\NPROTECT\00071495.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.49:C:\RECYCLER\NPROTECT\00071497.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.49:C:\RECYCLER\NPROTECT\00071500.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.49:C:\RECYCLER\NPROTECT\00071501.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.49:C:\RECYCLER\NPROTECT\00071503.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.49:C:\RECYCLER\NPROTECT\00071504.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00069712.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00069743.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00070392.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00070408.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00070410.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071218.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071468.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071471.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071472.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071474.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071477.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071480.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071481.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071488.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071490.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071493.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071494.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071495.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071497.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071500.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071501.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071503.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071504.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071508.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071509.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071513.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071514.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071517.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071520.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071523.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071527.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.50:C:\RECYCLER\NPROTECT\00071572.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00069712.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00069743.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00070392.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00070408.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00070410.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071218.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071468.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071471.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071472.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071474.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071477.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071480.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071481.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071482.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071483.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071488.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071490.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071493.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071494.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071495.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071497.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071500.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071501.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071503.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071504.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071508.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071509.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071513.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071514.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071517.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071520.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071523.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071527.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.51:C:\RECYCLER\NPROTECT\00071572.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00069712.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00069743.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00070392.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00070408.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00070410.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071218.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071219.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071468.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071471.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071472.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071474.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071477.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071480.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071481.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071482.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071483.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071488.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071490.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071493.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071494.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071495.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071497.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071500.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071501.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071503.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071504.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071508.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071509.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071513.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071514.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071517.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071520.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071523.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071527.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00071572.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00072064.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00072093.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00072340.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.52:C:\RECYCLER\NPROTECT\00072344.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00069712.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00070392.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00070408.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00070410.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071218.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071219.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071220.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071221.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071265.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071458.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071468.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071471.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071472.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071474.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071477.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071480.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071481.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071482.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071483.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071488.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071490.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071493.MOZ -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.53:C:\RECYCLER\NPROTECT\00071494.MOZ -> TrackingCookie.Burstn

  9. A few weeks ago I noticed that Photoshop (7.0) was open when I sat down at my computer. I figured that my daughter was using it and just left it open. Then last week it opened on its own while I was working. Since then it has been happening more frequently... In fact, it has opened and reopened about ten times while I have been writing this short description... Any ideas? It's getting really frustrating as you might imagine!!

    Thanks,

    Andy

    Attached is a recent (just now) HijackThis log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    Logfile of HijackThis v1.99.1

    Scan saved at 5:17:46 PM, on 1/1/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Ahead\InCD\InCDsrv.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\CFusionMX\runtime\bin\jrunsvc.exe

    C:\CFusionMX\db\slserver52\bin\swagent.exe

    C:\CFusionMX\runtime\bin\jrun.exe

    C:\CFusionMX\db\slserver52\bin\swstrtr.exe

    C:\CFusionMX\db\slserver52\bin\swsoc.exe

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\WINDOWS\System32\inetsrv\inetinfo.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe

    C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\Ahead\InCD\InCD.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\System32\fxredir.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\Program Files\Microsoft IntelliPoint\point32.exe

    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\system32\WService.EXE

    C:\WINDOWS\StartupMonitor.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Program Files\SpywareGuard\sgmain.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

    C:\Program Files\SpywareGuard\sgbhp.exe

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\WINDOWS\System32\dllhost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\explorer.exe

    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://andy/HoffmannPages/local.htm

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

    O4 - HKLM\..\Run: [WService] WService.EXE

    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b0e95273d9624c4fb9c5f87ea50a6d3

    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b0e95273d9624c4fb9c5f87ea50a6d3

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://secure.photofinale.com/ImageUploade...geUploader3.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe

    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe

    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

  10. Hi Terrorist 75,

    Before I change things in the start up files I have a few questions:

    • Is Mike Lin’s program what I should be using to disable programs?

    • If I change something that I later want to have back, how do I do that?

    • Since the last list I sent you I’ve added a few programs. Below is a list of the new entries listed in Mike Lin’s Startup

    Also, any ideas on the yellow form fields described in my last post?

    Thanks,

    Andy

    _______________________________________

    Here are the NEW files listed in Mike Lin’s Start up since installing the new Norton AV, the various programs installed to clean up Malware (*ewido etc) and installing a “Cool-i-Cam” digitizing tablet. They are listed by tab:

    Startup (users)

    • Quick StartUp C:\PENSOFT\fquick32.exe

    • Start C:\PENSOFT\Quick95.exe

    Startup (common)

    • Annotate All C:\DIGITAL IMAGING CREATIVITY KIT\PreAnntt.exe

    HKLM / Run

    • !ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe /minimized

    • NAV CfgWiz "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

    • PenLock

    • WService WService.EXE

    HKCU / Run

    • No New Files

    Run Once

    • No New Files

    Deleted

    • No New Files

  11. Hi Terrorist 75,

    I have finally followed up on your suggestion to get checked at the Malware Forum. I have gone through their recommendations and now have a clean bill of health. Here's the link to that topic:

    http://www.besttechie.net/forums/index.php?showtopic=9364

    You mentioned that you thought some of the programs in my startup may be questionable. I'd like to follow up on that. Do you need a new list of startup programs?

    Also, another issue that I have noticed lately that makes me suspect something is amiss is that in web pages that have forms some of the form fields now have a yellow background and they didn't used to. I notice this both on pages I visit on the web, as well as pages I wrote myself (ColdFusion code) that are available only to my home "network" (two machines). I know the code does not define any color backgrounds for the fields.

    Thanks,

    Andy

  12. Hi Steamhead,

    Thanks for the fast reply.

    I ran the ATF cleaner and the Panda scan was clean. I've added the new HJT log below.

    Any ideas on the yellow backgrounds on the form fields that I described in my initial post, or is that a question for another forum?

    Thanks,

    Andy

    _________________________

    HijackThis log

    Logfile of HijackThis v1.99.1

    Scan saved at 2:24:04 PM, on 7/31/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Ahead\InCD\InCDsrv.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\CFusionMX\runtime\bin\jrunsvc.exe

    C:\CFusionMX\db\slserver52\bin\swagent.exe

    C:\CFusionMX\runtime\bin\jrun.exe

    C:\CFusionMX\db\slserver52\bin\swstrtr.exe

    C:\CFusionMX\db\slserver52\bin\swsoc.exe

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\WINDOWS\System32\inetsrv\inetinfo.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    C:\WINDOWS\System32\Drivers\WTSRV.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ntvdm.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\Ahead\InCD\InCD.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Microsoft IntelliType Pro\type32.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Caere\OmniPagePro90\opware32.exe

    C:\WINDOWS\System32\fxredir.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\Program Files\Microsoft IntelliPoint\point32.exe

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\ewido anti-spyware 4.0\ewido.exe

    C:\WINDOWS\system32\WService.EXE

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\DIGITAL IMAGING CREATIVITY KIT\PreAnntt.exe

    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Program Files\WinZip\WZQKPICK.EXE

    C:\PENSOFT\fquick32.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\WINDOWS\system32\WISPTIS.EXE

    C:\WINDOWS\System32\dllhost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\explorer.exe

    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://andy/HoffmannPages/local.htm

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

    O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe

    O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

    O4 - HKLM\..\Run: [WService] WService.EXE

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

    O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe

    O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Annotate All.LNK = C:\DIGITAL IMAGING CREATIVITY KIT\PreAnntt.exe

    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://secure.photofinale.com/ImageUploade...geUploader3.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe

    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe

    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

  13. Greetings,

    I contacted the PC Support forum to help in figuring out a startup problem I was having. “TheTerrorist 75” was able to help fix the start-up issue, but he noticed some suspicious programs and suggested I work with the Malware forum to clean up things. Here is the link to the PC Topic discussion:

    http://www.besttechie.net/forums/index.php?showtopic=9150

    Another issue that I have noticed lately that makes me suspect some sort of Malware is that in web pages that have forms some of the form fields have a yellow background. I notice this both on pages I visit on the web, as well as pages I wrote myself (ColdFusion code) that are available only to my home "network" (two machines). I know the code does not define any color backgrounds for the fields.

    I followed the recommendations from TheTerrorist 75 and below are the Ewido and Hijack This logs:

    Thanks,

    Andy

    _______________________

    Ewido Log

    ---------------------------------------------------------

    ewido anti-spyware - Scan Report

    ---------------------------------------------------------

    + Created at: 11:20:21 AM 7/31/2006

    + Scan result:

    C:\Documents and Settings\aghoffmann\Cookies\aghoffmann@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

    C:\RECYCLER\NPROTECT\00699337.TXT -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).

    C:\RECYCLER\NPROTECT\00699338.TXT -> TrackingCookie.Com : Cleaned with backup (quarantined).

    ::Report end

    _______________________

    Hijack This log

    Logfile of HijackThis v1.99.1

    Scan saved at 11:34:44 AM, on 7/31/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Ahead\InCD\InCDsrv.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\CFusionMX\runtime\bin\jrunsvc.exe

    C:\CFusionMX\db\slserver52\bin\swagent.exe

    C:\CFusionMX\runtime\bin\jrun.exe

    C:\CFusionMX\db\slserver52\bin\swstrtr.exe

    C:\CFusionMX\db\slserver52\bin\swsoc.exe

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\WINDOWS\System32\inetsrv\inetinfo.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\Ahead\InCD\InCD.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Microsoft IntelliType Pro\type32.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Caere\OmniPagePro90\opware32.exe

    C:\WINDOWS\system32\ntvdm.exe

    C:\WINDOWS\System32\fxredir.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Microsoft IntelliPoint\point32.exe

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\ewido anti-spyware 4.0\ewido.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\WINDOWS\system32\msiexec.exe

    C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Program Files\WinZip\WZQKPICK.EXE

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\System32\dllhost.exe

    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\explorer.exe

    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://andy/HoffmannPages/local.htm

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

    O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe

    O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://secure.photofinale.com/ImageUploade...geUploader3.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe

    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe

    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

  14. Matt,

    Things are looking good. The computer is working better than it has in a long time. It was literally unusable when I finally discovered Besttechie.net. I was ready to format C and start over.

    It has truly been a pleasure working with you on this. I'm impressed with your fast responses, patience with all my questions and thoroughness in getting the job done.

    I have also learned a great deal from working with you.

    You guys are truly the Super Heroes of Cyber Space, and the evils you fight are every bit as nasty as any conjured up by Hollywood... except the jerks you deal with are real. I really don't understand the mind of people that would intentionally cause such grief and expense for folks.

    You certainly provide a valuable service. I think I could probably keep finding questions “’till the cows come home”, but I think we can call this Topic Closed.

    MANY THANKS,

    Andy

  15. Hi Matt,

    Thanks for all your help; things are going much smoother. As I continue to update and clean up I’m coming up with a few more questions.

    • I have updated Windows and activated Automatic Updates. Seems every time I reboot there are a few more updates. I figure that is because some updates are dependent on earlier updates being completed.

    • I was going through Add/Remove Programs deleting old unused programs and discovered that SysProtect 1.3.148.0 is still listed. There is also a listing for SysProtect in the START>Programs menu. In the Start>Programs>SysProtect submenu there is an “uninstall” program. I didn’t dare click that one. How should those items be dealt with?

    • I noticed that Ewido seemed to be one of the primary tools you used for detecting malware. How does that fit into the list of tools you recommend? I realize it’s not free as the programs you listed. I like free, but I also don’t mind paying for good tools. Would Ewido complement the list? Is it considered an “Anti-virus” and thus shouldn’t be used with other AV programs?

    • How often should the programs like SpyBot and AdAware (and Ewido) be run? Some of the programs can be scheduled for automatically scanning, what is a good interval?

    • The IE-SpyAd program that lists over 5000 sites. Is that JUST for Internet Explorer? Is there an equivalent for FireFox? If I use FireFox, do I need it?

    Thanks,

    Andy

  16. Hi Matt,

    We’re still chipping away!!

    A few observations

    • At your suggestion I went to remove Avenger. I deleted the downloaded .zip file, however when I went to Add/Remove programs I could not find an entry for “Avenger”. Is there a special uninstall program somewhere?

    • A couple other cleanup programs to add to the list of programs I listed in my posting yesterday. I downloaded the limited version of “Avast”; there is a Home version too, which I didn’t use. I also downloaded several Iomatic programs: System Medic, Registry Medic and Ram Medic. How do these fit into the mix? Several of the downloaded trial versions of these and the other programs I listed earlier expire soon. I plan to purchase the full version, but probably can’t afford ALL the ones I’ve tried. I’ll await your recommendation.

    • You mentioned that Norton’s AV isn’t the greatest security software. My ISP recommended F-Secure because Norton is known to cause problems with my internet connection. How does F-Secure rate?

    • When I opened Ewido to run it, the “Resident Shield” was inactive. I activated it. Was that OK?

    • After running Ewido I clicked on the “fix” button. It gave me a message that a File can’t be quarantined because it is embedded in an archive. I chose the option to quarantine the whole archive. (The file was one of the SysProtect files).

    • I was surprised that Ewido found as many more nasties as it did!

    • FYI… for an example of how much better things are going already, Ewido only took a few hours to run, compared to literally a couple of days to run the first time. (CounterSpy took just 20 minutes shy of 3 days to run the first time!!!)

    • Another thing I try to do on a regular basis is Defragment my drive. I’ve been told that the Windows defragmenter isn’t that great. I’ve also used Norton’s “Speed Disk”. Do you know of other programs that work better? I realize this isn’t a Malware issue, but thought I’d ask cause it affects system performance and I plan to defrag as soon as I get "clean".

    • I opened a FireFox browser just now and started typing in the URL for BestTechie. As I typed a list of previously entered sites came up so I clicked on the listing for Besttechie.net. It took me to another site... do we still have something going on? I tried it again and it worked fine.

    Thanks,

    Andy

    Here are the new logs:

    ___________________________

    Ewido Report

    ---------------------------------------------------------

    ewido anti-spyware - Scan Report

    ---------------------------------------------------------

    + Created at: 6:34:56 PM 7/18/2006

    + Scan result:

    C:\!KillBox\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).

    C:\Documents and Settings\Andy\Local Settings\Temp\ICD1.tmp\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).

    C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\8HEJ4HI3\SysProtectScannerInstall[1].cab/USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).

    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N85M0307NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).

    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N85M0307NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).

    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).

    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N85M0307NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).

    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N85M0307NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).

    C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\QH8B6PML\popup[2].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).

    C:\WINDOWS\system32\crrffybp.dll -> Logger.VBStat.c : Cleaned with backup (quarantined).

    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N73M0604NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : Ignored.

    :mozilla.17:C:\RECYCLER\NPROTECT\05653057.MOZ -> TrackingCookie.2o7 : Cleaned.

    :mozilla.19:C:\RECYCLER\NPROTECT\05653038.MOZ -> TrackingCookie.2o7 : Cleaned.

    :mozilla.19:C:\RECYCLER\NPROTECT\05653067.MOZ -> TrackingCookie.2o7 : Cleaned.

    :mozilla.19:C:\RECYCLER\NPROTECT\05660169.MOZ -> TrackingCookie.2o7 : Cleaned.

    :mozilla.21:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

    :mozilla.21:C:\RECYCLER\NPROTECT\05660191.MOZ -> TrackingCookie.2o7 : Cleaned.

    :mozilla.21:C:\RECYCLER\NPROTECT\05660207.MOZ -> TrackingCookie.2o7 : Cleaned.

    :mozilla.21:C:\RECYCLER\NPROTECT\05660935.MOZ -> TrackingCookie.2o7 : Cleaned.

    :mozilla.22:C:\RECYCLER\NPROTECT\05660212.MOZ -> TrackingCookie.2o7 : Cleaned.

    :mozilla.22:C:\RECYCLER\NPROTECT\05660217.MOZ -> TrackingCookie.2o7 : Cleaned.

    :mozilla.22:C:\RECYCLER\NPROTECT\05660932.MOZ -> TrackingCookie.2o7 : Cleaned.

    :mozilla.18:C:\RECYCLER\NPROTECT\05653057.MOZ -> TrackingCookie.Atdmt : Cleaned.

    :mozilla.20:C:\RECYCLER\NPROTECT\05653038.MOZ -> TrackingCookie.Atdmt : Cleaned.

    :mozilla.20:C:\RECYCLER\NPROTECT\05653067.MOZ -> TrackingCookie.Atdmt : Cleaned.

    :mozilla.20:C:\RECYCLER\NPROTECT\05660169.MOZ -> TrackingCookie.Atdmt : Cleaned.

    :mozilla.22:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

    :mozilla.22:C:\RECYCLER\NPROTECT\05660191.MOZ -> TrackingCookie.Atdmt : Cleaned.

    :mozilla.22:C:\RECYCLER\NPROTECT\05660207.MOZ -> TrackingCookie.Atdmt : Cleaned.

    :mozilla.22:C:\RECYCLER\NPROTECT\05660935.MOZ -> TrackingCookie.Atdmt : Cleaned.

    :mozilla.23:C:\RECYCLER\NPROTECT\05660212.MOZ -> TrackingCookie.Atdmt : Cleaned.

    :mozilla.23:C:\RECYCLER\NPROTECT\05660217.MOZ -> TrackingCookie.Atdmt : Cleaned.

    :mozilla.23:C:\RECYCLER\NPROTECT\05660932.MOZ -> TrackingCookie.Atdmt : Cleaned.

    C:\Documents and Settings\Andy\Cookies\andy@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.

    C:\RECYCLER\NPROTECT\05660701 -> TrackingCookie.Hitbox : Cleaned.

    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.

    C:\RECYCLER\NPROTECT\05660715 -> TrackingCookie.Zedo : Cleaned.

    ::Report end

    _______________________________________

    HJT log

    Logfile of HijackThis v1.99.1

    Scan saved at 6:40:51 PM, on 7/18/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\WINDOWS\system32\crypserv.exe

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

    C:\WINDOWS\System32\tcpsvcs.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe

    C:\Program Files\Canon\MultiPASS4\monitr32.exe

    C:\WINDOWS\System32\fxredir.exe

    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    C:\WINDOWS\MXOALDR.EXE

    C:\WINDOWS\System32\wuauclt.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Program Files\MemTurbo\MemTurbo.exe

    C:\Program Files\ewido anti-spyware 4.0\ewido.exe

    C:\WINDOWS\explorer.exe

    C:\Documents and Settings\Andy\My Documents\Downloads\HiJackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll

    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe

    O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

    O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  17. Matt,

    YAHOO!! We’re making progress now!

    Observations:

    • CWShredder opened fine and the update said we were running the most current version

    • Had trouble opening in Safe Mode. At one point something about a file ccapp.? flashed by, any ideas?

    • Never got a “real” Safe mode screen, just a black screen with “Safe Mode” written in each corner. I finally ran CWShredder as a “New Application” from Task Manager which did come up in the black SafeMode screen…

    • CWshredder found no problems, so I didn’t have anything to agree with.

    • I ran HJT to check the appropriate items, however the two references to the opppp.dll were not listed. Hmmm something must have worked!!!

    • Avenger ran smoothly and after it ran things REALLY sped up!

    Post cleaning observations

    • The CPU is no longer maxed at 100%, however it does spike a lot going from 1-3% jumping to 50 to 70%, every couple of seconds with no applications running… Is there still some nasty there?

    • I noticed that winlogon.exe is still an active process, but it is not dominating the CPU usage… we must have the real thing back. The process that seems to be spiking the CPU performance is the SunProtectionServer.exe… is that part of CounterSpy? Should it take so much resources?

    • I tried running in Safe Mode after this round and it booted up into SafeMode fine.

    • Rebooted in Normal Mode and for the first time in a long time I didn’t get any pop-ups blasting me!

    • I was going to open an Internet Explorer browser and see if I got attacked, but I thought I should probably wait till you had a chance to check over the logs before I opened that door again.

    What’s next?

    • I’ve had Norton AV running for years, I’ve used SpyBot and a-squared, for a long time too. Recently when things started getting REALLY bad I discovered and added AdAware, CounterSpy and Ewido. Are these overkill? Do they work well together? Anything else I should have on board?

    • Should I delete the backup.zip in the C:\avenger\ subdirectory?

    • Should I enable CounterSpy?

    • Are we ready to install SP2? Windows “Automatic Updates” keeps telling me I have 2 updates to install… one of which I know is SP2.

    Here are the files from this round:

    THANKS!

    Andy

    ____________________________________

    Avenger.txt:

    Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\fegtbywq

    *******************

    Script file located at: \??\C:\WINDOWS\mwfiktxg.txt

    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\System32\opppp.dll not found!

    Deletion of file C:\WINDOWS\System32\opppp.dll failed!

    Could not process line:

    C:\WINDOWS\System32\opppp.dll

    Status: 0xc0000034

    File C:\WINDOWS\system32\tuspp.dll deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    __________________________________________

    HijackThis Log

    Logfile of HijackThis v1.99.1

    Scan saved at 10:04:09 PM, on 7/17/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\WINDOWS\system32\crypserv.exe

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

    C:\WINDOWS\System32\tcpsvcs.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Canon\MultiPASS4\monitr32.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\WINDOWS\System32\fxredir.exe

    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    C:\WINDOWS\MXOALDR.EXE

    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Program Files\MemTurbo\MemTurbo.exe

    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe

    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe

    C:\Documents and Settings\Andy\My Documents\Downloads\HiJackThis\HijackThis.exe

    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    C:\Program Files\Messenger\msmsgs.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll

    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\tuspp.dll (file missing)

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe

    O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

    O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: tuspp - tuspp.dll (file missing)

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  18. Terrorist 75,

    The quote from XPSP2 STOP DEVICE described my problem to a T. I went into Add/Remove programs and deleted the driver and rebooted. That stopped the notice from coming up and the card readers still work fine. I also noticed that GNRICXPK is no longer in my StartUp list.

    The USB2.0CardReader CF RW USB Device, and Combo USB Device are listed in the Device Manager, but I did NOT remove them yet. Do I still need to do that, or am I good since the notice is gone and the readers still work?

    I use the readers a lot... I'm into digital photography so I use them almost daily and so I don't want to take any chances of messing them up.

    I'll work on your other instruction next (I might not be able to until tomorrow evening as I'll be out of town tomorrow).

    Thanks for your help on this.

    Andy

  19. Matt,

    Here are the latest Panda Scan and HJT logs

    It seems like we are making progress until I open Internet Explorer, then all the nasties start hammering away. I even saw a few new ones this time: “Vertical Response” and “The Shield Pro 2006” along with the standard WinAntiVirusPro, SysProtect and Trojan.Awax. Here are my observations on this round:

    • The nasty dlls, opppp and tuspp, seem impervious to all our efforts

    • I notice that the CPU usage (as viewed through Task Manager, Performance tab) is ALWAYS at 100% even when I have no applications open… winlogon.exe seems to always be running as a process… any ideas?

    • I disabled Counter Spy with no problems

    • The HJT Fix went smoothly, though those darn persistent dlls, opppp and tuspp, are still there.

    • I already had hidden files and folders visible. When I tried deleting the dlls in Safe Mode I got an error notice: “Cannot delete: It is being used by another program or person. Close any programs that might be using the file and try again”. According to Task Manager, no “applications” were running, but lots of “processes” were going… including our nasty dlls

    • Deletion of the two folders worked.

    • When I rebooted after “Safe Mode” I got several pop-ups: MPService application Error, and Ewido notice that Malware was detected, tuspp.dll (I cleaned and quarantined), Norton Antivirus finding Trojan.awax (tuspp.dll), Implementing the NT Services errors. Also CounterSpy updated its files. I subsequently deactivated CounterSpy again.

    • When the Norton Antivirus window opens notifying about the Trojan.awax, I click OK to get rid of it, but it just toggles between two nearly identical windows. One saying that the file was detected, and one saying that it could not be removed. However it never closes, I have to use Task Manager to get rid of it.

    • After running Killbox I did not get any messages this time and it did reboot automatically this time.

    • Panda requires that IE be used which appears to make us vulnerable to all the nasties. I mentioned earlier that I get the about:blank as the IE Home. Is this because we’ve deleted the homepage definition?

    • I had to start Panda several times. I found when I try to close the browser windows opened by the hijackers, ALL the browser windows close, so I eventually had to run Panda with the other browsers windows open.

    Are these observations helpful, or can you tell as much from the logs?

    I sure appreciate your patience and persistence!!

    Thanks

    Andy

    _________________________________

    New Panda Report

    Incident Status Location

    Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UWA6P_0001_N73M0604NetInstaller.exe

    Adware:adware/limeshop Not disinfected Windows Registry

    Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_current_user\software\WinAntiVirus Pro 2006

    Spyware:spyware/virtumonde Not disinfected Windows Registry

    Potentially unwanted tool:application/sysprotect Not disinfected hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL

    Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\!KillBox\FRec.dll

    Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\!KillBox\USYP_0001_N85M2606NetInstaller.exe

    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[.microsofteup.112.2o7.net/]

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[.atdmt.com/]

    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[searchportal.information.com/]

    Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[.tucows.com/]

    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Andy\Cookies\andy@hitbox[1].txt

    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Andy\Cookies\[email protected][2].txt

    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Andy\Cookies\andy@zedo[1].txt

    Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\35E93FDA-9E66-4B24-B751-223610\62331321-A76D-4731-9E16-1A3063

    Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\35E93FDA-9E66-4B24-B751-223610\65EEAF63-7639-4A65-8F0C-A1C5B6

    Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\FF3F3369-85A0-419D-B2D0-96C77A\58D00DD5-F1D5-4FD4-8C71-24DCE6

    Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\FF3F3369-85A0-419D-B2D0-96C77A\718AE7B9-3150-4FB9-A4BA-FB9294

    Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Andy\Local Settings\Temp\ICD1.tmp\USYP_0001_N85M2606NetInstaller.exe

    Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\05EN4LQN\QDow_AS2[1].cab

    Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\05EN4LQN\QDow_AS2[2].cab

    Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\27WV34XW\QDow_AS2[1].cab

    Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\27WV34XW\QDow_AS2[2].cab

    Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\27WV34XW\QDow_AS2[3].cab

    Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\27WV34XW\QDow_AS2[4].cab

    Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\27WV34XW\QDow_AS2[5].cab

    Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\833B64TH\QDow_AS2[1].cab

    Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\833B64TH\QDow_AS2[2].cab

    Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\8DUZ4DEJ\QDow_AS2[1].cab

    _______________________________

    New HJT log:

    Logfile of HijackThis v1.99.1

    Scan saved at 4:19:11 PM, on 7/16/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\WINDOWS\system32\crypserv.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

    C:\WINDOWS\System32\tcpsvcs.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\System32\fxredir.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    C:\WINDOWS\MXOALDR.EXE

    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

    C:\Program Files\ewido anti-spyware 4.0\ewido.exe

    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Program Files\MemTurbo\MemTurbo.exe

    C:\WINDOWS\explorer.exe

    C:\Documents and Settings\Andy\My Documents\Downloads\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Andy/My%20Documents/LocalHome.htm

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: DosSpecFolder Object - {3496D13A-609A-407B-B181-8F47B4F28AE9} - C:\WINDOWS\System32\opppp.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll

    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\tuspp.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe

    O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

    O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: opppp - C:\WINDOWS\System32\opppp.dll

    O20 - Winlogon Notify: tuspp - C:\WINDOWS\SYSTEM32\tuspp.dll

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  20. The Terrorist 75 and Liz,

    Thanks for the info on figuring out Start up files. I downloaded MikeLins Startup Control Panel and have been learning a lot.

    • Many of the entries are pretty obvious by the file name.

    • There are several that I could probably do without because I don’t use the programs much if at all.

    (ie Nero, iTunes, maybe the Adobe Gamma Loader)

    o What are the benefits of “unchecking” these entries?

    o Do they move to the Deleted list?

    o Can they be restored?

    • There is one that I can’t figure out in the “HKLM / Run” tab: GNRICXPK… any ideas?

    • I didn’t see any others that might be causing the “Stop Device” message, any ideas? I’ve listed the contents by tabs below if you'd like to browse it.

    Thanks,

    Andy

    _______________________________________

    Here are all the files listed in Mike Lins Start up, listed by tab:

    Startup (users)

    • No files

    Startup (common)

    • Acrobat Assistant - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    • Adobe Gamma Loader - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    • InterVideo WinCinema Manager - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

    • Service Manager - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    • WinZip Quick Pick - C:\Program Files\WinZip\WZQKPICK.EXE

    HKLM / Run

    • ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    • ccApp - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    • EPSON Stylus Photo ... C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

    • Fxredir - C:\WINDOWS\System32\fxredir.exe

    • GNRICXPK - C:\PROGRA~1\FLASHC~1\GNRICXPK.exe

    • InCD - C:\Program Files\Ahead\InCD\InCD.exe

    • IntelliPoint - "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    • iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe

    • NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe

    • OmniPage - C:\Program Files\Caere\OmniPagePro90\opware32.exe

    • Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe

    • QD FastAndSafe

    • QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime

    • SoundMan - SOUNDMAN.EXE

    • SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    • Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    • type32 - "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

    HKCU / Run

    • MsnMsgr - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    • PhotoShow Deluxe Media Manager - C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

    Run Once

    • No Files

    Deleted

    • No Files

  21. Hi Matt,

    That was sure a fast turn around at your end. Thanks. Things are much slower at my end still. Seems like after the ATF scan things really slowed down. Here are my observations and notes:

    • The HJT “Fix” went smoothly. After the fix I got 8 “CounterSpy” notices saying that something was fooling around with IE. I allowed it.
    • Killbox went well too, and yes I did get the message “Pending File Rename Operations…Registery Data has been Removed by External Process”.
    • I had to restart it manually afterwards
    • I initially tried downloading ATF with an IE browser, but it opened with a blank screen with the title “about:blank”, and seemed to freeze, so I downloaded using FireFox.
    • ATF seemed to run fine.
    • Based on the above experience I initially tried running Panda ActiveScan from a FireFox browser, but I got a notice that it only worked using IE 5 or later.
    • I opened an IE browser and got the “about:blank” page again. I then pasted in the link and eventually got to the Panda page. I was unmercifully harassed by the WinAntiVirus and SysProtect pop-ups. Things started really slowing down at this point.
    • After the Panda scan I opened My Documents to get to where I could run HJT and things seemed to lock up. I tried a couple of times. Eventually needing to hit the reset button cause nothing responded. What seemed to work after restarting a second time was disconnecting the network cable so I wasn’t connected to the Internet.
    • After that I was able to run HJT.

    Below are the Panda and HJT logs

    Thanks,

    Andy

    ________________________________

    Latest HJT log

    Logfile of HijackThis v1.99.1

    Scan saved at 4:10:07 PM, on 7/15/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\WINDOWS\system32\crypserv.exe

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

    C:\WINDOWS\System32\tcpsvcs.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\WINDOWS\System32\fxredir.exe

    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    C:\WINDOWS\MXOALDR.EXE

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

    C:\Program Files\ewido anti-spyware 4.0\ewido.exe

    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Program Files\MemTurbo\MemTurbo.exe

    C:\Documents and Settings\Andy\My Documents\Downloads\HiJackThis\HijackThis.exe

    C:\Program Files\Messenger\msmsgs.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: DosSpecFolder Object - {3496D13A-609A-407B-B181-8F47B4F28AE9} - C:\WINDOWS\System32\opppp.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll

    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\tuspp.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe

    O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

    O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab

    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/sy...nnerInstall.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: opppp - C:\WINDOWS\System32\opppp.dll

    O20 - Winlogon Notify: tuspp - C:\WINDOWS\SYSTEM32\tuspp.dll

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    _________________________________________

    Panda Report

    Incident Status Location

    Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Program Files\SysProtect Free\FRec.dll

    Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\USYP_0001_N85M2606NetInstaller.exe

    Adware:adware/dyfuca Not disinfected c:\windows\STWSI

    Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\documents and settings\all users\application data\WinAntiVirus Pro 2006

    Adware:adware/limeshop Not disinfected Windows Registry

    Spyware:spyware/virtumonde Not disinfected Windows Registry

    Potentially unwanted tool:application/sysprotect Not disinfected hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL

    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[.microsofteup.112.2o7.net/]

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[.atdmt.com/]

    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[searchportal.information.com/]

    Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[.tucows.com/]

    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Andy\Cookies\[email protected][1].txt

    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Andy\Cookies\andy@zedo[1].txt

    Virus:W32/Disemboweler Disinfected Personal Folders\Inbox\***11317130 ***1302015032649\ACTMOVIE.EXE

    Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\35E93FDA-9E66-4B24-B751-223610\62331321-A76D-4731-9E16-1A3063

    Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\35E93FDA-9E66-4B24-B751-223610\65EEAF63-7639-4A65-8F0C-A1C5B6

    Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\FF3F3369-85A0-419D-B2D0-96C77A\58D00DD5-F1D5-4FD4-8C71-24DCE6

    Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\FF3F3369-85A0-419D-B2D0-96C77A\718AE7B9-3150-4FB9-A4BA-FB9294

    Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\01GPI3O5\QDow_AS2[1].cab