Please help small business-thank you. 1/2



BHomeInc.
2006-08-27, 16:43
Hello, please help a small business that recently suffered an attack from some sort of adware.

Tried everything from WinVirus to spybot, and the problem keeps coming back. In addition, when I start up, I receive a message: w027475b.dll - The specified module could not be found.

Please help, this is affecting a business and making things difficult. I understand you guys are busy, and greatly appreciate the help.

Regards,
BHome,Inc.

This is part one of logfile, part 2 posted shortly:

Logfile of HijackThis v1.99.1
Scan saved at 9:35:41 AM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Duce6.exe
C:\DOCUME~1\VINCEN~1.BOV\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\win32102-206641452.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Toolkit.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Namo\WebBoard\Bin\APMTool.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\Namo\WebBoard\Server\mysql\bin\mysqld.exe
C:\Program Files\Namo\WebBoard\Server\apache\apache.exe
C:\Program Files\Namo\WebBoard\Server\apache\apache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vincent J. Bova\My Documents\My Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\iefwbho.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [etw38a37] RUNDLL32.EXE w027475b.dll,n 00338a3400000002027475b
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [win32102-206641452] C:\WINDOWS\win32102-206641452.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ToolKit] "C:\Program Files\SeagateToolkit\Toolkit.exe" -L -S /silent
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Namo APM Manager.lnk = C:\Program Files\Namo\WebBoard\Bin\APMTool.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe

BHomeInc.
2006-08-27, 16:45
Here is the second half of my log:


O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

teacup61
2006-08-27, 18:24
Hello BHomeInc.,

Welcome to Safer Networking Forums :)

1. Download Ewido anti-spyware from HERE (http://www.ewido.net/en/download/) and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded Ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete, run Ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close Ewido anti-spyware, Do Not run a scan just yet

2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

5. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
Launch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop (This is important)
Close Ewido and reboot your system back into Normal Mode.

6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by double-clicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.

Thanks,
tea

BHomeInc.
2006-08-27, 21:36
Thank you for your preliminary instructions. I have done everything you have sent me, and here is my new hijackthis log and ewido log:


Logfile of HijackThis v1.99.1
Scan saved at 1:54:31 PM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\DOCUME~1\VINCEN~1.BOV\LOCALS~1\Temp\clclean.0001
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Toolkit.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Namo\WebBoard\Bin\APMTool.exe
C:\Program Files\Namo\WebBoard\Server\mysql\bin\mysqld.exe
C:\Program Files\Namo\WebBoard\Server\apache\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Namo\WebBoard\Server\apache\apache.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Vincent J. Bova\My Documents\My Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\iefwbho.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [etw38a37] RUNDLL32.EXE w027475b.dll,n 00338a3400000002027475b
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ToolKit] "C:\Program Files\SeagateToolkit\Toolkit.exe" -L -S /silent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Namo APM Manager.lnk = C:\Program Files\Namo\WebBoard\Bin\APMTool.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe

BHomeInc.
2006-08-27, 21:39
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

OTHER LOG:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:46:35 PM 8/27/2006

+ Scan result:



C:\WA6P\Quar\thaktyds -> Adware.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Temporary Internet Files\Content.IE5\ORCHILCP\gtdownlr[1].cab/gtdownlr_118.ocx -> Adware.Gdown : Cleaned with backup (quarantined).
C:\i386\gtdownlr_118.ocx -> Adware.Gdown : Cleaned with backup (quarantined).
C:\WA6P\Quar\amoqqjpn -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WA6P\Quar\87wxbdvq -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WA6P\Quar\Wiyepolh -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\da29.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WA6P\Quar\i2tvjjiw -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WA6P\Quar\rebrvggm -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-1256270444-3269436463-3382073039-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\WINDOWS\system32\etw38a37.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\win32102-206641452.exe -> Downloader.VB.akq : Cleaned with backup (quarantined).
C:\WA6P\Quar\ssbgjymn -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\WA6P\Quar\XPcbvjfg -> Exploit.MS05-053-WMF : Cleaned with backup (quarantined).
C:\WA6P\Quar\XPchhmrt -> Exploit.MS05-053-WMF : Cleaned with backup (quarantined).
C:\WA6P\Quar\XPegswta -> Exploit.MS05-053-WMF : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Application Data\winantiviruspro2006freeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.355:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.379:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

BHomeInc.
2006-08-27, 21:41
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@2o7[5].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@gmgmacmortgage.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIiigvvv -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\WA6P\Quar\VInfrzjc -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIngrkfw -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIngsqrw -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIsrgusc -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\WA6P\Quar\VItttgik -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\WA6P\Quar\vitryefs -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.520:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.521:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\WA6P\Quar\viuovrco -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIqvoiwz -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIrqbtys -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIsbdslr -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIwubtmr -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.529:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.530:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\WA6P\Quar\virapyhj -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIcmzmop -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIeweojk -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIhtmtxx -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIkjbpje -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\WA6P\Quar\VItjcims -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@www.casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Counted : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIbfmvzf -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIblaaio -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIbnkkij -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIdistjy -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIekxwkd -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIhykcxu -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VImmxsso -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIowfpaw -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIqlxyjz -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIuphllb -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIvdvsax -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIyboexf -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIzcxsrj -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIzwgtbo -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@e-2dj6wjnyqkczefo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@fastclick[7].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

BHomeInc.
2006-08-27, 21:43
C:\WA6P\Quar\VIarbvic -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIbfpdzc -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIblqhlh -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIbqzyhu -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIbxfqog -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIcinoat -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIdkeshw -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIdszkqh -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIdxdtth -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIdzijlm -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIdzretd -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIeawiav -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIegowfw -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIejvhxr -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIenivql -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIenjact -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIeptnrl -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIexzhbr -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIfgjqod -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIfngmky -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIfrllxv -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIgaivee -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIggetxn -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIggvoim -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIgrrcay -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIguigfy -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIguwglb -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIhvncqg -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIhyovyl -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIhzcenf -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIiiacjr -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIimshsc -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIixqhah -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIjdwunu -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIjulwub -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIjumbmb -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIjxravl -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIjyhbbn -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIjymzsv -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIkbdnfs -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIkfoixr -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIkhcwet -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIkrpilh -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIkwdidn -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIkwljfs -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIlaoyyg -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIlffdes -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIlhfkzc -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIlkpvpm -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIlmufao -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIlokqhy -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIlzdztu -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VImeuxuk -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VImxxzjg -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VInbddsq -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIngwlsr -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIobhgzv -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIodctij -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIofwwfb -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIogtjms -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIonhgmn -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIoqenrc -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIowuzhe -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIpanfvs -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIpenput -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIpjwoya -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIpoevqj -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIppkrwl -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIpsdnkg -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIqadvim -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIqbegod -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIqemfxt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIrcsoxn -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIrlbywk -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIrncjfx -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIrvczdv -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIrwjyow -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIrzgbjz -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIsciosq -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIsisrdv -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIsnvgiz -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIspuudc -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIsunhwz -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VItiokks -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VItyhgng -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIuefbde -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIuqsuri -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIuvcbwc -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIuxplnn -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIuyurgl -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIvfylrl -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIvqlxal -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIvqwplb -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIvvctfh -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIwalpex -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIwnvson -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIwruutw -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIwwvqtb -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIwyansd -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIxbcuoa -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIxbocom -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIxbuabm -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIxfslzt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIxnmgau -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIxpavqa -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIxumxwj -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIxveeud -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIycfulm -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIyqdhcc -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIyvmrpn -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIywmkoh -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIyzzngb -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIzcepsn -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIzhxdrz -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
C:\WA6P\Quar\vioiytjh -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).

BHomeInc.
2006-08-27, 21:44
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@ehg-espn.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.345:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.356:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.374:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.375:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.307:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.308:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.312:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Cookies\vincent j. bova@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.321:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
:mozilla.322:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.323:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.324:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@questionmarket[5].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIaxjaau -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIeepbhj -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIjfxrxa -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIrvdeeg -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIumvpop -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIvvbfkp -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIxzzxcy -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\WA6P\Quar\vipbcovm -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@revenue[5].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIbblgpk -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIefymsm -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIibenms -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIrhkyeq -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIvejrqb -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIwfwdsp -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIxbykav -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIyggytd -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.358:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.359:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.360:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.361:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\WA6P\Quar\vimklrwc -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.376:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.377:C:\Documents and Settings\Vincent J. Bova\Application Data\Mozilla\Firefox\Profiles\oryl6pfy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@statcounter[5].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIdsazqm -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIesjden -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIjtfrkk -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIkemvuw -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIkmznhf -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIlmfpoq -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VImurisx -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VInbpvdf -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIojtsdl -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIpmttij -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIpuqutd -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIrncupd -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIstnqtz -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIuoiyfl -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIupzhrj -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WA6P\Quar\VIwgjmfn -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\WINDOWS\uni_ehhhh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\uninst104.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end

Thank you so much for all your efforts. You have made a hard business run much smoother and I will surely remember to donate.

Regards

teacup61
2006-08-28, 09:14
Hello,

Did you actually pay for WinAntiVirus Pro? If you did, you've been duped my friend. That is the very program that's causing the worst of this.:( Uninstall it, if it's there, in Add/Remove Programs. http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\iefwbho.dll (file missing)
O4 - HKLM\..\Run: [etw38a37] RUNDLL32.EXE w027475b.dll,n 00338a3400000002027475b
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to and delete the following folder:

C:\Program Files\WinAntiVirus Pro 2006

Copy and paste the next command via Start > Run:

sc delete FWSvc

Click okay


In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


In your reply, please post the Ewido report and a new HijackThis log. Please let me know how it's running. :)

Thanks,
tea
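
The kind of triage behind the fix list in the post above, as an added example (not part of the original thread and not HijackThis's own logic): it parses HijackThis entry lines and tags the signals visible in this thread's logs. The signal names, the `WATCHLIST` terms and the digit-heavy-name heuristic are assumptions made for illustration; the sample lines are copied from the logs posted here.

```python
import re

# Constructed sample: entry lines copied from the HijackThis logs in this thread.
# The first five are the entries the helper asked to fix; the last four are from the clean log.
SAMPLE_LOG = r"""
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\iefwbho.dll (file missing)
O4 - HKLM\..\Run: [etw38a37] RUNDLL32.EXE w027475b.dll,n 00338a3400000002027475b
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
"""

# Hypothetical analyst watchlist; both names appear in the flagged entries above.
WATCHLIST = ("winantivirus", "drivecleaner")

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^\S+\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'(?:^|\\)rundll32(?:\.exe)?"?\s+"?(?P<dll>[^,\s"]+)', re.I)


def signals(line):
    """Return (code, [signal names]) for one entry line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    found = []
    if body.endswith("(file missing)"):
        found.append("file_missing")          # registry still references a file that is gone
    if any(term in body.lower() for term in WATCHLIST):
        found.append("watchlist")
    if code == "O23" and " - Unknown owner - " in body:
        found.append("unknown_owner")         # weak: the Macromedia service in the clean log shows it too
    run = RUN_RE.match(body) if code == "O4" else None
    dll = RUNDLL_RE.search(run["cmd"]) if run else None
    if dll and "\\" not in dll["dll"]:
        found.append("rundll32_bare_dll")     # DLL named without a directory
        stem = dll["dll"].rsplit(".", 1)[0]
        if sum(c.isdigit() for c in stem) * 2 >= len(stem):
            found.append("digit_heavy_name")  # assumed heuristic: generated-looking name
    return code, found


def triage(log):
    """Split flagged entries into likely-unwanted ones and ones needing manual review."""
    likely, review = [], []
    for line in log.splitlines():
        parsed = signals(line)
        if not parsed or not parsed[1]:
            continue
        code, found = parsed
        strong = {"file_missing", "watchlist", "digit_heavy_name"} & set(found)
        (likely if strong else review).append((code, found, line.strip()))
    return likely, review


if __name__ == "__main__":
    likely, review = triage(SAMPLE_LOG)
    for label, rows in (("LIKELY", likely), ("REVIEW", review)):
        for code, found, line in rows:
            print(f"{label:6} {code:4} {','.join(found):36} {line[:60]}")
```

The two REVIEW rows (the Creative `MBMon` entry and the Macromedia service) carry only a weak signal each, which is why a log like this still gets read by a person before anything is checked for fixing.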

BHomeInc.
2006-08-29, 05:12
Thanks for your help, here is the second round of logs:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:50:17 PM 8/28/2006

+ Scan result:



C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@2o7[5].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Vincent J. Bova\Cookies\vincent j. bova@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).


::Report end





HIJACK LOG:

Logfile of HijackThis v1.99.1
Scan saved at 10:11:37 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\DOCUME~1\VINCEN~1.BOV\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Documents and Settings\Vincent J. Bova\Local Settings\Temp\Toolkit.exe
C:\Program Files\Namo\WebBoard\Bin\APMTool.exe
C:\Program Files\Namo\WebBoard\Server\mysql\bin\mysqld.exe
C:\Program Files\Namo\WebBoard\Server\apache\apache.exe
C:\Program Files\Namo\WebBoard\Server\apache\apache.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Vincent J. Bova\My Documents\My Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ToolKit] "C:\Program Files\SeagateToolkit\Toolkit.exe" -L -S /silent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Namo APM Manager.lnk = C:\Program Files\Namo\WebBoard\Bin\APMTool.exe

BHomeInc.
2006-08-29, 05:13
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


Thanks again for all your efforts. I don't know how to thank you.... I hope this is it... Let me know.

Regards,
Vincent J. Bova
BHomeInc.

teacup61
2006-08-29, 06:59
Hello Vincent,

You're welcome.:)

Looks like a clean log here. :)

I notice that you do not seem to be running Antivirus software or a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them!!

AVG (http://free.grisoft.com/freeweb.php/doc/2/), Avira (http://www.free-av.com/) OR Avast (http://www.avast.com/) are good FREE antivirus. Some good free firewalls are ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=dbtopnav_za), or Outpost (http://www.agnitum.com/products/outpostfree/download.php)
A tutorial on understanding and using firewalls may be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

It is very important to maintain your Firewall.
A tutorial on understanding and using firewalls may be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here (http://www.bleepingcomputer.com/forums/tutorial49.html).

SpywareGuard (http://www.javacoolsoftware.com/spywareguard.html)
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here (http://www.bleepingcomputer.com/forums/tutorial50.html).

Ad-Aware SE (http://www.lavasoftusa.com/software/adaware)
A tutorial on using Ad-Aware to remove spyware from your computer may be found here (http://www.bleepingcomputer.com/forums/tutorial48.html).

A tutorial on using Spybot to remove spyware from your computer may be found here (http://www.bleepingcomputer.com/forums/tutorial43.html). Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm)

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea

tashi
2006-09-03, 00:54
As the problem appears to be resolved this topic has been archived. :)

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Glad we could help, cheers.