Posts posted by aghoffmann
-
-
Hitting the delete button worked like a charm. Certainly easier than tracking down and editing some mystery file.
It's one of those slap on the forehead "Why didn't I try that in the first place" kind of solution!! Duh!
Thanks!
-
Many of the sites I visit on the internet require a log-in username and password, and lots of sites require additional form fields to be filled in. When I log on to these sites and click in a form field I usually get a drop-down list of things I have entered in that field in the past. As time goes by the list gets longer, primarily because of my bad typing.
Is there a way to edit these entries? I suspect that there is a file that the browser uses to store these... and likely cookies may be involved.
How can I go about editing the bad entries in these files?
-
I periodically get a flurry of "Mail Delivery System" errors. I just sat down and checked my email after checking it only about 3 hours ago and had over 60 emails with some variation of the Returned mail / failure notice / Undeliverable mail / etc. This has occurred to me several times in the past. It seems I'll get a series of these, then nothing for a few months.
When I look at the emails it appears that emails were sent using my email address. In other words it appears that my email was "hijacked". The returned "Mail Delivery System" emails appear to be from all over the world.
I sent a hijackthis log to the malware forum the last time this happened a few months ago and had a "clean" machine. They recommended I contact the PC forum.
Any idea why I would get these? I have saved the emails this round. Would any information from them be helpful in figuring this out?
Thanks,
Andy
-
Hi Chuck,
Thanks for the fast response. I'm glad the log looks clean.
How do I confirm the restrictions you suggest below?
Thanks,
Andy
Howdy Andy, your log looks clean of infections. I don't know why you are having email problems. Try posting the problem in the PC Support section here at BesTechie. Please confirm that you have put the following restrictions / controlled options yourself as an administrator:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Thanks
Chuck
-
I checked my email this morning and had over 600 "Mail Delivery System" type error messages. I've checked through the day and I'm still receiving them. The "From" and "Subject" lines vary in wording, but all indicate that a mail server somewhere is rejecting mail sent from me. Could I have some sort of malware that is sending SPAM or worse from my machine? I have an up-to-date version of AVG 7.5 running on my machine and I also ran it this morning after I detected the problem. It only found a few tracking cookies.
Here's the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:53 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
-
I have a Sapphire Radeon 9600SE Edition 128MB graphics card running dual monitors. The two monitors are an old 17" Sony Trinitron and a Nokia 447L. The Sony monitor is dying (yellow color and cuts out frequently). I'd like to replace the Sony with a 20" flatscreen LCD monitor. All the flat screens I've looked at use a resolution of 1680x1050 (which I think is the HxW ratio of HDTV). The Sapphire card doesn't support the 1680x1050 resolution. Is there a driver update that would help, or am I destined to get a new graphics card too?
-
Therock,
Thanks for your help and recommendations.
I will implement the recommendations ASAP.
Everything is working well now, no more Photoshop take overs...
Have a great 2007... you guys are true cyber heroes
Andy
-
Attached is a new Hijackthis log
Hmmm... attachment didn't seem to work, so I've cut and pasted it below
Thanks a lot
~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 9:26:27 AM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
-
Hi,
The ATF and Panda scans have been completed.
Attached is the Panda active scan... seems attaching the file is more space efficient than cut and pasting
Thanks,
Andy
-
It looks like part of the AVG log was cut off so I'm attaching the text log
Thanks,
Andy
-
Here is the new AVG log
Thanks
~~~~~~~~~~~~~~~~~~~~~~~~
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:11:32 PM 1/2/2007
+ Scan result:
C:\Documents and Settings\aghoffmann\My Documents\WorkNetworkFiles\ANewSwitch\CopyOfMyDocs\desktop\holdfile\site managers\CrystalSiteUpdater\csu100.exe -> Backdoor.NetSpy : Cleaned.
C:\Documents and Settings\aghoffmann\My Documents\WorkOldP100\desktop\holdfile\site managers\CrystalSiteUpdater\csu100.exe -> Backdoor.NetSpy : Cleaned.
:mozilla.139:C:\RECYCLER\NPROTECT\00071220.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.139:C:\RECYCLER\NPROTECT\00071221.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.139:C:\RECYCLER\NPROTECT\00071265.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.139:C:\RECYCLER\NPROTECT\00071458.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT\00070381.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT\00070383.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT\00070385.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT\00070386.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT\00070387.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT\00070388.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT\00070389.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT\00070366.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT\00070392.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT\00070408.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT\00070410.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT\00071218.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT\00071219.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT\00071459.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT\00072064.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT\00072093.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT\00072340.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT\00072344.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.142:C:\RECYCLER\NPROTECT\00071220.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.142:C:\RECYCLER\NPROTECT\00071221.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.142:C:\RECYCLER\NPROTECT\00071265.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.142:C:\RECYCLER\NPROTECT\00071458.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.142:C:\RECYCLER\NPROTECT\00071460.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00070381.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00070383.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00070385.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00070386.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00070387.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00070388.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00070389.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071461.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071462.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071468.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071471.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071472.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071474.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071477.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071480.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071481.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071482.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071483.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071487.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071488.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071490.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071493.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071494.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071495.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071497.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071500.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071501.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071503.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\RECYCLER\NPROTECT\00071504.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00070366.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00070392.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00070408.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00070410.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071218.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071459.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071508.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071509.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071511.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071512.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071513.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071514.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071517.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071519.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071520.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071523.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071527.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071572.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071576.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071578.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071579.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00071586.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00072063.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00072064.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00072093.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00072340.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\RECYCLER\NPROTECT\00072344.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.145:C:\RECYCLER\NPROTECT\00071460.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\Documents and Settings\aghoffmann\Application Data\Mozilla\Firefox\Profiles\default.eiy\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071461.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071462.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071468.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071471.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071472.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071474.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071477.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071480.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071481.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071482.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071483.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071487.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071488.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071490.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071493.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071494.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071495.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071497.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071500.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071501.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071503.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\RECYCLER\NPROTECT\00071504.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071508.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071509.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071511.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071512.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071513.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071514.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071517.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071519.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071520.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071523.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071527.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071572.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071576.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071578.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071579.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00071586.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00072063.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.149:C:\Documents and Settings\aghoffmann\Application Data\Mozilla\Firefox\Profiles\default.eiy\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00069738.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00069738.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00069739.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00069739.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00069740.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00069740.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.30:C:\RECYCLER\NPROTECT\00069742.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.32:C:\RECYCLER\NPROTECT\00069742.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00069753.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00069753.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00069754.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00069754.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.46:C:\RECYCLER\NPROTECT\00069743.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.47:C:\RECYCLER\NPROTECT\00069743.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.53:C:\RECYCLER\NPROTECT\00069744.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.53:C:\RECYCLER\NPROTECT\00069756.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT\00069744.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT\00069756.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT\00069757.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00069757.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00069750.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.90:C:\RECYCLER\NPROTECT\00069712.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.91:C:\RECYCLER\NPROTECT\00069712.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.91:C:\RECYCLER\NPROTECT\00069749.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.92:C:\RECYCLER\NPROTECT\00069749.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.98:C:\RECYCLER\NPROTECT\00069834.MOZ -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.102:C:\RECYCLER\NPROTECT\00069744.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT\00069749.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.147:C:\RECYCLER\NPROTECT\00069750.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT\00069753.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.151:C:\RECYCLER\NPROTECT\00069754.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.152:C:\RECYCLER\NPROTECT\00069756.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.154:C:\RECYCLER\NPROTECT\00069757.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.154:C:\RECYCLER\NPROTECT\00069837.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.154:C:\RECYCLER\NPROTECT\00069838.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.154:C:\RECYCLER\NPROTECT\00069840.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.154:C:\RECYCLER\NPROTECT\00069862.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.155:C:\RECYCLER\NPROTECT\00071219.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.156:C:\RECYCLER\NPROTECT\00069863.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.156:C:\RECYCLER\NPROTECT\00071220.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.156:C:\RECYCLER\NPROTECT\00071221.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.156:C:\RECYCLER\NPROTECT\00071265.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.156:C:\RECYCLER\NPROTECT\00071458.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.157:C:\RECYCLER\NPROTECT\00069834.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.157:C:\RECYCLER\NPROTECT\00069867.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\RECYCLER\NPROTECT\00070381.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\RECYCLER\NPROTECT\00070383.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\RECYCLER\NPROTECT\00070385.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\RECYCLER\NPROTECT\00070386.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\RECYCLER\NPROTECT\00070387.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\RECYCLER\NPROTECT\00070388.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\RECYCLER\NPROTECT\00070389.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\RECYCLER\NPROTECT\00070392.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\RECYCLER\NPROTECT\00070408.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\RECYCLER\NPROTECT\00070410.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\RECYCLER\NPROTECT\00071218.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\RECYCLER\NPROTECT\00071459.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.159:C:\RECYCLER\NPROTECT\00069868.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.159:C:\RECYCLER\NPROTECT\00069869.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.159:C:\RECYCLER\NPROTECT\00070147.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.159:C:\RECYCLER\NPROTECT\00070207.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.159:C:\RECYCLER\NPROTECT\00070346.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.159:C:\RECYCLER\NPROTECT\00070347.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.159:C:\RECYCLER\NPROTECT\00070362.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.159:C:\RECYCLER\NPROTECT\00070365.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.159:C:\RECYCLER\NPROTECT\00070366.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.159:C:\RECYCLER\NPROTECT\00071460.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.32:C:\RECYCLER\NPROTECT\00071461.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.32:C:\RECYCLER\NPROTECT\00071462.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00071468.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00071471.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00071472.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00071474.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00071477.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00071480.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00071481.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00071482.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00071483.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00071487.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00071488.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00071490.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00071493.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00071494.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00071495.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00071497.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00071500.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00071501.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00071503.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00071504.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00069712.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00071508.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00071509.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00071511.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00071512.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00071513.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00071514.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00071517.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00071519.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00071520.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00071523.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00071527.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00071572.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00072064.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00072093.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00072340.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00072344.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00071576.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00071578.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00071579.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00071586.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00072063.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.63:C:\Documents and Settings\aghoffmann\Application Data\Mozilla\Firefox\Profiles\default.eiy\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.69:C:\RECYCLER\NPROTECT\00069738.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.69:C:\RECYCLER\NPROTECT\00069739.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.75:C:\RECYCLER\NPROTECT\00069740.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.81:C:\RECYCLER\NPROTECT\00069742.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.95:C:\RECYCLER\NPROTECT\00069743.MOZ -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.100:C:\RECYCLER\NPROTECT\00069750.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.101:C:\RECYCLER\NPROTECT\00069750.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.101:C:\RECYCLER\NPROTECT\00069753.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.102:C:\RECYCLER\NPROTECT\00069750.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.102:C:\RECYCLER\NPROTECT\00069753.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.103:C:\RECYCLER\NPROTECT\00069750.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.103:C:\RECYCLER\NPROTECT\00069753.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.104:C:\RECYCLER\NPROTECT\00069750.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.104:C:\RECYCLER\NPROTECT\00069753.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.104:C:\RECYCLER\NPROTECT\00069754.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.105:C:\RECYCLER\NPROTECT\00069753.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.105:C:\RECYCLER\NPROTECT\00069754.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.106:C:\RECYCLER\NPROTECT\00069754.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.107:C:\RECYCLER\NPROTECT\00069754.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.108:C:\RECYCLER\NPROTECT\00069754.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.116:C:\RECYCLER\NPROTECT\00069756.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.117:C:\RECYCLER\NPROTECT\00069756.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.118:C:\RECYCLER\NPROTECT\00069756.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.118:C:\RECYCLER\NPROTECT\00069757.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.118:C:\RECYCLER\NPROTECT\00069837.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.118:C:\RECYCLER\NPROTECT\00069838.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.118:C:\RECYCLER\NPROTECT\00069840.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.118:C:\RECYCLER\NPROTECT\00069862.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.119:C:\RECYCLER\NPROTECT\00069756.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.119:C:\RECYCLER\NPROTECT\00069757.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.119:C:\RECYCLER\NPROTECT\00069837.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.119:C:\RECYCLER\NPROTECT\00069838.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.119:C:\RECYCLER\NPROTECT\00069840.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.119:C:\RECYCLER\NPROTECT\00069862.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.120:C:\RECYCLER\NPROTECT\00069756.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.120:C:\RECYCLER\NPROTECT\00069757.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.120:C:\RECYCLER\NPROTECT\00069837.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.120:C:\RECYCLER\NPROTECT\00069838.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.120:C:\RECYCLER\NPROTECT\00069840.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.120:C:\RECYCLER\NPROTECT\00069862.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.120:C:\RECYCLER\NPROTECT\00069863.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.121:C:\RECYCLER\NPROTECT\00069757.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.121:C:\RECYCLER\NPROTECT\00069834.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.121:C:\RECYCLER\NPROTECT\00069837.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.121:C:\RECYCLER\NPROTECT\00069838.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.121:C:\RECYCLER\NPROTECT\00069840.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.121:C:\RECYCLER\NPROTECT\00069862.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.121:C:\RECYCLER\NPROTECT\00069863.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.121:C:\RECYCLER\NPROTECT\00069867.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.122:C:\RECYCLER\NPROTECT\00069757.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.122:C:\RECYCLER\NPROTECT\00069834.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.122:C:\RECYCLER\NPROTECT\00069837.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.122:C:\RECYCLER\NPROTECT\00069838.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.122:C:\RECYCLER\NPROTECT\00069840.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.122:C:\RECYCLER\NPROTECT\00069862.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.122:C:\RECYCLER\NPROTECT\00069863.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.122:C:\RECYCLER\NPROTECT\00069867.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.123:C:\RECYCLER\NPROTECT\00069834.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.123:C:\RECYCLER\NPROTECT\00069863.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.123:C:\RECYCLER\NPROTECT\00069867.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.123:C:\RECYCLER\NPROTECT\00069868.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.123:C:\RECYCLER\NPROTECT\00069869.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.123:C:\RECYCLER\NPROTECT\00070147.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.123:C:\RECYCLER\NPROTECT\00070207.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.123:C:\RECYCLER\NPROTECT\00070346.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.124:C:\RECYCLER\NPROTECT\00069834.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.124:C:\RECYCLER\NPROTECT\00069863.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.124:C:\RECYCLER\NPROTECT\00069867.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.124:C:\RECYCLER\NPROTECT\00069868.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.124:C:\RECYCLER\NPROTECT\00069869.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.124:C:\RECYCLER\NPROTECT\00070147.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.124:C:\RECYCLER\NPROTECT\00070207.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.124:C:\RECYCLER\NPROTECT\00070346.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.125:C:\RECYCLER\NPROTECT\00069834.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.125:C:\RECYCLER\NPROTECT\00069867.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.125:C:\RECYCLER\NPROTECT\00069868.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.125:C:\RECYCLER\NPROTECT\00069869.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.125:C:\RECYCLER\NPROTECT\00070147.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.125:C:\RECYCLER\NPROTECT\00070207.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.125:C:\RECYCLER\NPROTECT\00070346.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT\00069868.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT\00069869.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT\00070147.MOZ -> TrackingCookie.Burstnet : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT\00070207.MOZ -> TrackingCookie.Burstnet : Cleaned.
-
A few weeks ago I noticed that Photoshop (7.0) was open when I sat down at my computer. I figured that my daughter was using it and just left it open. Then last week it opened on its own while I was working. Since then it has been happening more frequently... In fact, it has opened and reopened about ten times while I have been writing this short description... Any ideas? It's getting really frustrating as you might imagine!!
Thanks,
Andy
Attached is a recent (just now) Hijackthis log
~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 5:17:46 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\fxredir.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WService.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://andy/HoffmannPages/local.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b0e95273d9624c4fb9c5f87ea50a6d3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b0e95273d9624c4fb9c5f87ea50a6d3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://secure.photofinale.com/ImageUploade...geUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
-
Hi Terrorist 75,
Before I change things in the start up files I have a few questions:
• Is Mike Lin’s program what I should be using to disable programs?
• If I change something that I later want to have back, how do I do that?
• Since the last list I sent you I’ve added a few programs. Below is a list of the new entries listed in Mike Lin’s Startup.
Also, any ideas on the yellow form fields described in my last post?
Thanks,
Andy
_______________________________________
Here are the NEW files listed in Mike Lin’s Startup since installing the new Norton AV, the various programs installed to clean up Malware (*ewido etc) and installing a “Cool-i-Cam” digitizing tablet. They are listed by tab:
Startup (users)
• Quick StartUp C:\PENSOFT\fquick32.exe
• Start C:\PENSOFT\Quick95.exe
Startup (common)
• Annotate All C:\DIGITAL IMAGING CREATIVITY KIT\PreAnntt.exe
HKLM / Run
• !ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe /minimized
• NAV CfgWiz "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
• PenLock
• WService WService.EXE
HKCU / Run
• No New Files
Run Once
• No New Files
Deleted
• No New Files
-
Hi Terrorist 75,
I have finally followed up on your suggestion to get checked at the Malware Forum. I have gone through their recommendations and now have a clean bill of health. Here's the link to that topic:
http://www.besttechie.net/forums/index.php?showtopic=9364
You mentioned that you thought some of the programs in my startup may be questionable. I'd like to follow up on that. Do you need a new list of startup programs?
Also, another issue that I have noticed lately that makes me suspect something is amiss is that in web pages that have forms some of the form fields now have a yellow background and they didn't used to. I notice this both on pages I visit on the web, as well as pages I wrote myself (ColdFusion code) that are available only to my home "network" (two machines). I know the code does not define any color backgrounds for the fields.
Thanks,
Andy
-
Hi Steamhead,
Thanks for the fast reply.
I ran the ATF cleaner and the Panda scan was clean. I've added the new HJT log below.
Any ideas on the yellow backgrounds on the form fields that I described in my initial post, or is that a question for another forum?
Thanks,
Andy
_________________________
HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 2:24:04 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\System32\fxredir.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\DIGITAL IMAGING CREATIVITY KIT\PreAnntt.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PENSOFT\fquick32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://andy/HoffmannPages/local.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Annotate All.LNK = C:\DIGITAL IMAGING CREATIVITY KIT\PreAnntt.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://secure.photofinale.com/ImageUploade...geUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
-
Greetings,
I contacted the PC Support forum to help in figuring out a startup problem I was having. "TheTerrorist 75" was able to help fix the start-up issue, but he noticed some suspicious programs and suggested I work with the Malware forum to clean up things. Here is the link to the PC Topic discussion:
http://www.besttechie.net/forums/index.php?showtopic=9150
Another issue that I have noticed lately that makes me suspect some sort of Malware is that in web pages that have forms some of the form fields have a yellow background. I notice this both on pages I visit on the web, as well as pages I wrote myself (ColdFusion code) that are available only to my home "network" (two machines). I know the code does not define any color backgrounds for the fields.
I followed the recommendations from TheTerrorist 75 and below are the Ewido and Hijack This logs:
Thanks,
Andy
_______________________
Ewido Log
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:20:21 AM 7/31/2006
+ Scan result:
C:\Documents and Settings\aghoffmann\Cookies\aghoffmann@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00699337.TXT -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00699338.TXT -> TrackingCookie.Com : Cleaned with backup (quarantined).
::Report end
_______________________
Hijack This log
Logfile of HijackThis v1.99.1
Scan saved at 11:34:44 AM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\fxredir.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://andy/HoffmannPages/local.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://secure.photofinale.com/ImageUploade...geUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
-
Matt,
Things are looking good. The computer is working better than it has in a long time. It was literally unusable when I finally discovered Besttechie.net. I was ready to format C and start over.
It has truly been a pleasure working with you on this. I'm impressed with your fast responses, patience with all my questions and thoroughness in getting the job done.
I have also learned a great deal from working with you.
You guys are truly the Super Heroes of Cyber Space, and the evils you fight are every bit as nasty as any conjured up by Hollywood... except the jerks you deal with are real. I really don't understand the mind of people that would intentionally cause such grief and expense for folks.
You certainly provide a valuable service. I think I could probably keep finding questions "'till the cows come home", but I think we can call this Topic Closed
MANY THANKS,
Andy
-
Hi Matt,
Thanks for all your help; things are going much smoother. As I continue to update and clean up I'm coming up with a few more questions.
• I have updated Windows and activated Automatic Updates. Seems every time I reboot there are a few more updates. I figure that is because some updates are dependent on earlier updates being completed.
• I was going through Add/Remove Programs deleting old unused programs and discovered that SysProtect 1.3.148.0 is still listed. There is also a listing for SysProtect in the START>Programs menu. In the Start>Programs>SysProtect submenu there is an "uninstall" program. I didn't dare click that one. How should those items be dealt with?
• I noticed the Ewido seemed to be one of the primary tools you used for detecting malware. How does that fit into the list of tools you recommend? I realize it's not free as the programs you listed. I like free, but I also don't mind paying for good tools. Would Ewido complement the list? Is it considered an "Anti-virus" and thus shouldn't be used with other AV programs?
• How often should the programs like SpyBot and AdAware (and Ewido) be run? Some of the programs can be scheduled for automatically scanning, what is a good interval?
• The IE-SpyAd program that lists over 5000 sites. Is that JUST for Internet Explorer? Is there an equivalent for FireFox? If I use FireFox, do I need it?
Thanks,
Andy
-
Hi Matt,
We're still chipping away!!
A few observations
• At your suggestion I went to remove Avenger. I deleted the downloaded .zip file, however when I went to Add/Remove programs I could not find an entry for "Avenger". Is there a special uninstall program somewhere?
• A couple other cleanup programs to add to the list of programs I listed in my posting yesterday. I downloaded the limited version of "Avast"; there is a Home version too, which I didn't use. I also downloaded several Iomatic programs: System Medic, Registry Medic and Ram Medic. How do these fit into the mix? Several of the downloaded trial versions of these and the other programs I listed earlier expire soon. I plan to purchase the full version, but probably can't afford ALL the ones I've tried. I'll await your recommendation.
• You mentioned that Norton's AV isn't the greatest security software. My ISP recommended F-Secure because Norton is known to cause problems with my internet connection. How does F-Secure rate?
• When I opened Ewido to run it, the "Resident Shield" was inactive. I activated it. Was that OK?
• After running Ewido I clicked on the "fix" button. It gave me a message that a File can't be quarantined because it is embedded in an archive. I chose the option to quarantine the whole archive. (The file was one of the SysProtect files).
• I was surprised that Ewido found as many more nasties as it did!
• FYI... for an example of how much better things are going already, Ewido only took a few hours to run, compared to literally a couple of days to run the first time. (CounterSpy took just 20 minutes shy of 3 days to run the first time!!!)
• Another thing I try to do on a regular basis is Defragment my drive. I've been told that the Windows defragmenter isn't that great. I've also used Norton's "Speed Disk". Do you know of other programs that work better? I realize this isn't a Malware issue, but thought I'd ask cause it affects system performance and I plan to defrag as soon as I get "clean".
• I opened a FireFox browser just now and started typing in the URL for BestTechie. As I typed a list of previously entered sites came up so I clicked on the listing for Besttechie.net. It took me to another site... do we still have something going on? I tried it again and it worked fine.
Thanks,
Andy
Here are the new logs:
___________________________
Ewido Report
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:34:56 PM 7/18/2006
+ Scan result:
C:\!KillBox\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\Documents and Settings\Andy\Local Settings\Temp\ICD1.tmp\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\8HEJ4HI3\SysProtectScannerInstall[1].cab/USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N85M0307NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N85M0307NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N85M0307NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N85M0307NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\QH8B6PML\popup[2].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\crrffybp.dll -> Logger.VBStat.c : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N73M0604NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : Ignored.
:mozilla.17:C:\RECYCLER\NPROTECT\05653057.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\05653038.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\05653067.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\05660169.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\05660191.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\05660207.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\05660935.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\05660212.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\05660217.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\05660932.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\05653057.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\05653038.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\05653067.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\05660169.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.22:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\05660191.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\05660207.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\05660935.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\05660212.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\05660217.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\05660932.MOZ -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Andy\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\05660701 -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Andy\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\RECYCLER\NPROTECT\05660715 -> TrackingCookie.Zedo : Cleaned.
::Report end
_______________________________________
HJT log
Logfile of HijackThis v1.99.1
Scan saved at 6:40:51 PM, on 7/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\WINDOWS\System32\fxredir.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Andy\My Documents\Downloads\HiJackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
-
Matt,
YAHOO!! We’re making progress now!
Observations:
• CWShredder opened fine and the update said we were running the most current version
• Had trouble opening in Safe Mode. At one point something about a file ccapp.? flashed by, any ideas?
• Never got a “real” Safe mode screen, just a black screen with “Safe Mode” written in each corner. I finally ran CWShredder as a “New Application” from Task Manager which did come up in the black SafeMode screen…
• CWShredder found no problems, so I didn’t have anything to agree with.
• I ran HJT to check the appropriate items, however the two references to the opppp.dll were not listed. Hmmm something must have worked!!!
• Avenger ran smoothly and after it ran things REALLY sped up!
Post cleaning observations
• The CPU is no longer maxed at 100%, however it does spike a lot going from 1-3% jumping to 50 to 70%, every couple of seconds with no applications running… Is there still some nasty there?
• I noticed that winlogon.exe is still an active process, but it is not dominating the CPU usage… we must have the real thing back. The process that seems to be spiking the CPU performance is the SunProtectionServer.exe… is that part of CounterSpy? Should it take so much resources?
• I tried running in Safe Mode after this round and it booted up into SafeMode fine.
• Rebooted in Normal Mode and for the first time in a long time I didn’t get any pop-ups blasting me!
• I was going to open an Internet Explorer browser and see if I got attacked, but I thought I should probably wait till you had a chance to check over the logs before I opened that door again.
What’s next?
• I’ve had Norton AV running for years, I’ve used SpyBot and a-squared, for a long time too. Recently when things started getting REALLY bad I discovered and added AdAware, CounterSpy and Ewido. Are these overkill? Do they work well together? Anything else I should have on board?
• Should I delete the backup.zip in the C:\avenger\ subdirectory?
• Should I enable CounterSpy?
• Are we ready to install SP2? Windows “Automatic Updates” keeps telling me I have 2 updates to install… one of which I know is SP2
Here are the files from this round:
THANKS!
Andy
____________________________________
Avenger.txt:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fegtbywq
*******************
Script file located at: \??\C:\WINDOWS\mwfiktxg.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\System32\opppp.dll not found!
Deletion of file C:\WINDOWS\System32\opppp.dll failed!
Could not process line:
C:\WINDOWS\System32\opppp.dll
Status: 0xc0000034
File C:\WINDOWS\system32\tuspp.dll deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
__________________________________________
Hi JackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 10:04:09 PM, on 7/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\fxredir.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Documents and Settings\Andy\My Documents\Downloads\HiJackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Messenger\msmsgs.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\tuspp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: tuspp - tuspp.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
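The before/after check the post above does by eye (noticing that the opppp.dll references are no longer listed) can be scripted by comparing successive HijackThis logs. This is an added example, not part of the original posts or of HijackThis itself; the function names are hypothetical, and the three sample scans are short excerpts of O2 lines copied from the logs on this page.

```python
import re

# A HijackThis entry line: section code (R0-R3, F0-F3, N1-N4, O1-O23), " - ", body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Suffix HijackThis appends when the registry reference points at a missing file.
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)


def parse_hjt(text):
    """Return {normalized_key: (display_line, is_orphan)} for each entry line."""
    entries = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path, or blank line
        section, body = m.groups()
        orphan = bool(MISSING_RE.search(body))
        body = MISSING_RE.sub("", body)
        display = f"{section} - {body}"
        # Case-fold so System32 / system32 spellings compare as equal.
        entries[display.lower()] = (display, orphan)
    return entries


def diff_scans(before_text, after_text):
    """Compare two logs: entries removed, added, and left orphaned."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    return {
        # Present earlier, gone now: the cleanup step removed the reference.
        "removed": sorted(d for k, (d, _) in before.items() if k not in after),
        # Not present earlier: something new registered itself between scans.
        "added": sorted(d for k, (d, _) in after.items() if k not in before),
        # Registry reference still present but the file is gone: leftover to fix.
        "orphaned": sorted(d for _, (d, o) in after.items() if o),
    }


# Excerpts of O2 (Browser Helper Object) lines from the three logs on this page.
SCAN_0716 = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3496D13A-609A-407B-B181-8F47B4F28AE9} - C:\WINDOWS\System32\opppp.dll
O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\tuspp.dll
"""

SCAN_0717 = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\tuspp.dll (file missing)
"""

SCAN_0718 = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
"""

if __name__ == "__main__":
    for label, old, new in (("7/16 -> 7/17", SCAN_0716, SCAN_0717),
                            ("7/17 -> 7/18", SCAN_0717, SCAN_0718)):
        print(label)
        for kind, lines in diff_scans(old, new).items():
            for line in lines:
                print(f"  {kind:9s} {line}")
```

An entry under "orphaned" means the file was deleted but its registry reference survived, which is why the 7/17 log still lists tuspp.dll as "(file missing)".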
-
Terrorist 75,
The quote from XPSP2 STOP DEVICE described my problem to a T. I went into Add/Remove programs and deleted the driver and rebooted. That stopped the notice from coming up and the card readers still work fine. I also noticed that GNRICXPK is no longer in my StartUp list.
The USB2.0CardReader CF RW USB Device, and Combo USB Device are listed in the Device Manager, but I did NOT remove them yet. Do I still need to do that, or am I good since the notice is gone and the readers still work?
I use the readers a lot... I'm into digital photography so I use them almost daily and I don't want to take any chances of messing them up.
I'll work on your other instruction next (I might not be able to until tomorrow evening as I'll be out of town tomorrow)
Thanks for your help on this.
Andy
-
Matt,
Here are the latest Panda Scan and HJT logs
It seems like we are making progress until I open Internet Explorer, then all the nasties start hammering away. I even saw a few new ones this time: “Vertical Response” and “The Shield Pro 2006” along with the standard WinAntiVirusPro, SysProtect and Trojan.Awax. Here are my observations on this round:
• The nasty dlls, opppp and tuspp, seem impervious to all our efforts
• I notice that the CPU usage (as viewed through Task Manager, Performance tab) is ALWAYS at 100% even when I have no applications open… winlogon.exe seems to always be running as a process… any ideas?
• I disabled Counter Spy with no problems
• The HJT Fix went smoothly, though those darn persistent dlls, opppp and tuspp, are still there.
• I already had hidden files and folders visible. When I tried deleting the dlls in Safe Mode I got an error notice: “Cannot delete: It is being used by another program or person. Close any programs that might be using the file and try again”. According to Task Manager, no “applications” were running, but lots of “processes” were going… including our nasty dlls
• Deletion of the two folders worked.
• When I rebooted after “Safe Mode” I got several pop-ups: MPService application Error, and Ewido notice that Malware was detected, tuspp.dll (I cleaned and quarantined), Norton Antivirus finding Trojan.awax (tuspp.dll), Implementing the NT Services errors. Also CounterSpy updated its files. I subsequently deactivated CounterSpy again.
• When the Norton Antivirus window opens notifying about the Trojan.awax, I click OK to get rid of it, but it just toggles between two nearly identical windows. One saying that the file was detected, and one saying that it could not be removed. However it never closes, I have to use Task Manager to get rid of it.
• After running Killbox I did not get any messages this time and it did reboot automatically this time.
• Panda requires that IE be used which appears to make us vulnerable to all the nasties. I mentioned earlier that I get the about:blank as the IE Home. Is this because we’ve deleted the homepage definition?
• I had to start Panda several times. I found when I try to close the browser windows opened by the hijackers, ALL the browser windows close, so I eventually had to run Panda with the other browser windows open.
Are these observations helpful, or can you tell as much from the logs?
I sure appreciate your patience and persistence!!
Thanks
Andy
_________________________________
New Panda Report
Incident Status Location
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UWA6P_0001_N73M0604NetInstaller.exe
Adware:adware/limeshop Not disinfected Windows Registry
Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_current_user\software\WinAntiVirus Pro 2006
Spyware:spyware/virtumonde Not disinfected Windows Registry
Potentially unwanted tool:application/sysprotect Not disinfected hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\!KillBox\FRec.dll
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\!KillBox\USYP_0001_N85M2606NetInstaller.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Andy\Cookies\andy@hitbox[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Andy\Cookies\andy@zedo[1].txt
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\35E93FDA-9E66-4B24-B751-223610\62331321-A76D-4731-9E16-1A3063
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\35E93FDA-9E66-4B24-B751-223610\65EEAF63-7639-4A65-8F0C-A1C5B6
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\FF3F3369-85A0-419D-B2D0-96C77A\58D00DD5-F1D5-4FD4-8C71-24DCE6
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\FF3F3369-85A0-419D-B2D0-96C77A\718AE7B9-3150-4FB9-A4BA-FB9294
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Andy\Local Settings\Temp\ICD1.tmp\USYP_0001_N85M2606NetInstaller.exe
Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\05EN4LQN\QDow_AS2[1].cab
Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\05EN4LQN\QDow_AS2[2].cab
Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\27WV34XW\QDow_AS2[1].cab
Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\27WV34XW\QDow_AS2[2].cab
Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\27WV34XW\QDow_AS2[3].cab
Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\27WV34XW\QDow_AS2[4].cab
Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\27WV34XW\QDow_AS2[5].cab
Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\833B64TH\QDow_AS2[1].cab
Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\833B64TH\QDow_AS2[2].cab
Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\8DUZ4DEJ\QDow_AS2[1].cab
_______________________________
New HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 4:19:11 PM, on 7/16/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\fxredir.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Andy\My Documents\Downloads\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Andy/My%20Documents/LocalHome.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3496D13A-609A-407B-B181-8F47B4F28AE9} - C:\WINDOWS\System32\opppp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\tuspp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: opppp - C:\WINDOWS\System32\opppp.dll
O20 - Winlogon Notify: tuspp - C:\WINDOWS\SYSTEM32\tuspp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
-
The Terrorist 75 and Liz,
Thanks for the info on figuring out Start up files. I downloaded MikeLins Startup Control Panel and have been learning a lot.
• Many of the entries are pretty obvious by the file name.
• There are several that I could probably do without because I don’t use the programs much if at all (i.e. Nero, iTunes, maybe the Adobe Gamma Loader).
o What are the benefits of “unchecking” these entries?
o Do they move to the Deleted list?
o Can they be restored?
• There is one that I can’t figure out in the “HKLM / Run” tab: GNRICXPK… any ideas?
• I didn’t see any others that might be causing the “Stop Device” message, any ideas? I’ve listed the contents by tabs below if you'd like to browse it.
Thanks,
Andy
_______________________________________
Here are all the files listed in Mike Lins Start up, listed by tab:
Startup (users)
• No files
Startup (common)
• Acrobat Assistant - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
• Adobe Gamma Loader - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
• InterVideo WinCinema Manager - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
• Service Manager - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
• WinZip Quick Pick - C:\Program Files\WinZip\WZQKPICK.EXE
HKLM / Run
• ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
• ccApp - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
• EPSON Stylus Photo ... C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
• Fxredir - C:\WINDOWS\System32\fxredir.exe
• GNRICXPK - C:\PROGRA~1\FLASHC~1\GNRICXPK.exe
• InCD - C:\Program Files\Ahead\InCD\InCD.exe
• IntelliPoint - "C:\Program Files\Microsoft IntelliPoint\point32.exe"
• iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
• NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe
• OmniPage - C:\Program Files\Caere\OmniPagePro90\opware32.exe
• Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
• QD FastAndSafe
• QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime
• SoundMan - SOUNDMAN.EXE
• SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
• Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
• type32 - "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
HKCU / Run
• MsnMsgr - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
• PhotoShow Deluxe Media Manager - C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
Run Once
• No Files
Deleted
• No Files
-
Hi Matt,
That was sure a fast turn around at your end. Thanks. Things are much slower at my end still. Seems like after the ATF scan things really slowed down. Here are my observations and notes:
• The HJT “Fix” went smoothly. After the fix I got 8 “CounterSpy” notices saying that something was fooling around with IE. I allowed it.
• Killbox went well too, and yes I did get the message “Pending File Rename Operations…Registery Data has been Removed by External Process”.
• I had to restart it manually afterwards.
• I initially tried downloading ATF with an IE browser, but it opened with a blank screen with the title “about:blank”, and seemed to freeze, so I downloaded using FireFox.
• ATF seemed to run fine.
• Based on the above experience I initially tried running Panda ActiveScan from a FireFox browser, but I got a notice that it only worked using IE 5 or later.
• I opened an IE browser and got the “about:blank” page again. I then pasted in the link and eventually got to the Panda page. I was unmercifully harassed by the WinAntiVirus and SysProtect pop-ups. Things started really slowing down at this point.
• After the Panda scan I opened My Documents to get to where I could run HJT and things seemed to lock up. I tried a couple of times. Eventually needing to hit the reset button cause nothing responded. What seemed to work after restarting a second time was disconnecting the network cable so I wasn’t connected to the Internet.
• After that I was able to run HJT.
Below are the Panda and HJT logs
Thanks,
Andy
________________________________
Latest HJT log
Logfile of HijackThis v1.99.1
Scan saved at 4:10:07 PM, on 7/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\fxredir.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\Documents and Settings\Andy\My Documents\Downloads\HiJackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3496D13A-609A-407B-B181-8F47B4F28AE9} - C:\WINDOWS\System32\opppp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\tuspp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/sy...nnerInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: opppp - C:\WINDOWS\System32\opppp.dll
O20 - Winlogon Notify: tuspp - C:\WINDOWS\SYSTEM32\tuspp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
_________________________________________
Panda Report
Incident Status Location
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Program Files\SysProtect Free\FRec.dll
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\USYP_0001_N85M2606NetInstaller.exe
Adware:adware/dyfuca Not disinfected c:\windows\STWSI
Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\documents and settings\all users\application data\WinAntiVirus Pro 2006
Adware:adware/limeshop Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Potentially unwanted tool:application/sysprotect Not disinfected hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\dxvm3tsr.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Andy\Cookies\andy@zedo[1].txt
Virus:W32/Disemboweler Disinfected Personal Folders\Inbox\***11317130 ***1302015032649\ACTMOVIE.EXE
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\35E93FDA-9E66-4B24-B751-223610\62331321-A76D-4731-9E16-1A3063
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\35E93FDA-9E66-4B24-B751-223610\65EEAF63-7639-4A65-8F0C-A1C5B6
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\FF3F3369-85A0-419D-B2D0-96C77A\58D00DD5-F1D5-4FD4-8C71-24DCE6
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\FF3F3369-85A0-419D-B2D0-96C77A\718AE7B9-3150-4FB9-A4BA-FB9294
Virus:Trj/Downloader.MM Disinfected C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\01GPI3O5\QDow_AS2[1].cab
Outlook issues and more
in Windows 10, 8, 7, Vista, and XP
Posted
I have a number of issues that have recently cropped up with my PC. Most seem to be associated with when Outlook started acting up. When I click to open Outlook it will more times than not display the splash screen, then start to open. The main screen opens and tool bars will open, and usually the Folder List will open, but the email window remains blank and Outlook locks up. I will leave the machine and come back in an hour or so and the hour glass is still there and the program is still locked up. I then open task manager and shut it down. The next time it opens it gives the option to open in Safe Mode, which I do.
Also, when Outlook does work and closes properly, it leaves a "ghost" of part of its task bar. I have dual monitors. I always have Outlook open in the right monitor, but the ghost appears in the upper left corner of the left monitor. Attached is a screen capture of the ghost.
I have cleared the deleted files, archived, and compacted the file, but still get the same behavior. Any thoughts?
Along with the Outlook issue, my PC (Windows XP 3) has slowed down significantly. I have "cleaned" the PC and I defragment regularly. I use the purchased version of AVG and have Spy-bot resident operating. I recently ran A2-free and it did find one Trojan, which I quarantined, but it had no effect on the PC's performance.
Perhaps this should be a different topic, but I'll ask it here. Are there any Driver updating programs you recommend? I installed "Driver Robot". I used it to scan and it found outdated drivers, but I haven't made any changes with it yet. Could this be messing with my machine? Also, I see many "Registry cleaners" out there. I've never used or even downloaded any, but I wonder what your thoughts are about those types of programs or if you can recommend any.