0

My search engines have been giving me redirected results Please take a look at my HJT log Thank You

Logfile of HijackThis v1.99.1
Scan saved at 1:14:39 AM, on 12/20/2006
Platform : Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus \navapsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Fix\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security \Norton AntiVirus\NavShExt.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN= Hewlett-Packard ,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ReSchedHPSU.lnk = C:\hp\bin\CLOAKER.EXE
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{80443072-5384-4D29-A197-604ECE8884D8}: NameServer = 85.255.116.164,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BA0A8FD-1333-4C07-AFAB-138EFD575599}: NameServer = 85.255.116.164,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{C55FDA9D-75CB-4F59-9101-F51BB8DD5DDA}: NameServer = 85.255.116.164 85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{80443072-5384-4D29-A197-604ECE8884D8}: NameServer = 85.255.116.164,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.112
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

2
Contributors
6
Replies
7
Views
10 Years
Discussion Span
Last Post by PhilliePhan
0

My search engines have been giving me redirected results Please take a look at my HJT log Thank You

Hi Googen,

These are essentially the same instructions I posted for another poster with the same problem. Be sure to follow them exactly!

Anyhoo, here we go:
Please relocate HijackThis to a safer location. Most Forum volunteers expect to find it at C:\Program Files\HijackThis or C:\HijackThis.
If you are unable to move it on your own, please do the following:

FIRST: DELETE your current copy of HijackThis.
THEN: Download a fresh HijackThis from http://downloads.malwareremoval.com/hijackthis_sfx.exe

Save the setup file on your desktop.
Then, DoubleClick on it and by default it should install to C:\Program Files\HijackThis
Continue through the setup and allow it to create a desktop icon for you. Follow all the prompts, click Finish and just leave it for now.

NOW, on to the fix:

You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it.
Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. When your system reboots, follow the prompts. Afterwards, HijackThis will launch (If Hijackthis does not launch then please start it yourself).

Please Scan with HJT, and check the boxes for the following items:

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\..\{80443072-5384-4D29-A197-604ECE8884D8}: NameServer = 85.255.116.164,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BA0A8FD-1333-4C07-AFAB-138EFD575599}: NameServer = 85.255.116.164,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{C55FDA9D-75CB-4F59-9101-F51BB8DD5DDA}: NameServer = 85.255.116.164 85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{80443072-5384-4D29-A197-604ECE8884D8}: NameServer = 85.255.116.164,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.112

Be sure All Browser Windows are Closed and then Click Fix Checked.

NEXT:
Click Start > Run > type CMD > Enter
Type or Copy&Paste: ipconfig /flushdns > Press Enter
(Be sure to leave the space between the g and the / )

THEN:
Please download HOSTER and Extract it to your Desktop.
Click the Restore Original Hosts Button and then click OK and exit HOSTER.

NEXT:
Please Update your Java here ---> http://www.java.com/en
Then, look in Add/Remove Programs and Remove ALL traces of any older Java versions!
If you do not uninstall ALL older versions, you may remain at risk for a number of baddies.

Download ATF-Cleaner.exe by Atribune to your Desktop.
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option (if you don’t want it to clean cookies, set it accordingly)
-- Click Empty Selected > OK > EXIT
This will flush TEMP files, etc... as well as clean the Java Cache.

NEXT:
Please download and Install AVG Anti-Spyware v7.5

THEN:
RightClick the AVG Anti-Spy Icon in your system tray and do the following:
-- Uncheck Resident Shield
-- Uncheck Automatic Updates
-- Uncheck Start with Windows
* You can reset the above to their defaults AFTER your machine has been deemed “clean,” if you so desire. For now, we need them disabled.

Click Run online update and allow it to run until you see the Update Successful message. If you are unable to do this, please let me know.

NOW, run a full scan:

-- Click on the Scanner button and choose the Settings Tab.
---> Under How to act?, click on Recommended action and choose Quarantine to set default action for detected malware.
--->Under Reports make sure Automatically generate report after every scan is selected and UNCHECK the Only if threats were found box.
-- Leave everything else at their default settings and Select the Scan tab and CLICK Complete System Scan to scan your machine.
-- Upon completion of the scan, Click Apply all actions to place any detected baddies in Quarantine.
-- AFTER clicking Apply all actions, Click on Save Report and select Save the report to your Desktop where you can find it easily.

LASTLY: Please locate c:\fixwareout\report.txt and post it here along with Fresh HijackThis Scanlog and the AVG Anti-Spy Log and we'll go from there.


Best Luck :)
PP

0

I did everything that you said and this is what I got. Fixwareout Last edited 1/1/2006 Post this report in the forums please ... Prerun check »»»»» HKLM run and Winlogon System values C:\WINDOWS\system32\kdbuz.exe will be moved to C:\WINDOWS\temp\kdbuz.ren at reboot. »»»»» ... Reg Entries that were deleted ... Random Runs removed from HKLM ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... »»»»» Search five digit cs, dm kd and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal Other suspects. »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. »»»»» Postrun check »»»»» HKLM run »»»»» Winlogon System value "system"="" »»»»» Logfile of HijackThis v1.99.1 Scan saved at 12:46:22 PM, on 1/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 2:28:16 AM 1/5/2007 + Scan result: :mozilla.138:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.139:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.140:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.141:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.267:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.31:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.32:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.33:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.34:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.81:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.82:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.83:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.84:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.203:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.204:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.29:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.30:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.113:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.114:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.115:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.116:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.117:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.118:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.226:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.10:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.49:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.50:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.51:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.52:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.53:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.60:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.61:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.62:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.63:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.6:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.7:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.8:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.9:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.12:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.36:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.63:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.73:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned. :mozilla.181:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.171:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.172:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.173:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.213:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.214:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.215:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.216:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.217:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.218:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.29:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.30:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.31:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.32:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.33:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.34:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.35:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.36:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.13:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.160:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.271:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.150:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.150:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.37:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.59:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.59:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.132:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned. :mozilla.196:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned. :mozilla.204:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned. :mozilla.69:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.75:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.76:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.76:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.77:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.78:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.79:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.80:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.81:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.82:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.83:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.19:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.118:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.119:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.121:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.123:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.124:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.125:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.157:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.158:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.311:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.322:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.67:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.68:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.69:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.186:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.187:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.132:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned. :mozilla.141:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.68:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.149:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.14:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.231:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.145:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.146:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.147:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.148:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.149:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.222:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.223:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.224:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.225:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.146:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.147:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.148:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.211:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.212:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.119:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Revenue : Cleaned. :mozilla.233:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Revenue : Cleaned. :mozilla.223:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.224:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.225:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.226:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.70:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.71:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.72:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.73:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.74:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.85:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.260:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.138:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned. :mozilla.139:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned. :mozilla.17:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.18:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.19:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.20:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.21:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.22:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.23:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.24:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.25:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.41:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.43:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.44:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.45:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.57:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.58:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.177:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.182:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.167:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Vortexmediagroup : Cleaned. :mozilla.193:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.194:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.195:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.196:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.197:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.135:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.136:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.137:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\z5afpwnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.67:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.68:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.74:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.77:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.78:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.79:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.80:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.81:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.129:C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\l2s7nlt9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.178:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.179:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.180:C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\nyu1igbo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. ::Report end I think that's all of it

0

That looks better, but it is a bit hard to read. You must've had word wrap on or something similar. . .. . .

Anyhoo, how are things running now?

-- Looks like you have a couple different User Accounts on that machine. Please give me a Fresh HJT log for EACH account.


PP :)

0

i've started to use firefox to avoid the problems with IE7. I just tried IE7 though and the search engine problem is gone. I am unable to run HJT on all user accounts right now since they are password protected and they are not available right now. I will post as soon as I can. Thank you for all of your help so far. I really appreciate it.

0

Here are all of the HJT logs for all the user accounts. User Account 1 Logfile of HijackThis v1.99.1 Scan saved at 4:34:44 PM, on 1/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" O4 - Global Startup: ReSchedHPSU.lnk = C:\hp\bin\CLOAKER.EXE O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O17 - HKLM\System\CCS\Services\Tcpip\..\{C55FDA9D-75CB-4F59-9101-F51BB8DD5DDA}: NameServer = 85.255.116.164 85.255.112.112 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe User Account 2 Logfile of HijackThis v1.99.1 Scan saved at 4:00:07 PM, on 1/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe C:\Program Files\HijackThis\HijackThis.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\iTunes\iTunesHelper.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: ReSchedHPSU.lnk = C:\hp\bin\CLOAKER.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe User Account 3 Logfile of HijackThis v1.99.1 Scan saved at 4:01:03 PM, on 1/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe c:\windows\system\hpsysdrv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ReSchedHPSU.lnk = C:\hp\bin\CLOAKER.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

0

I really have a hard time reading that - Be sure to turn off "Word Wrap" in Notepad when you save the logs.

Account # 2 looks OK, but you should run the same procedure we did before on Acct.#1

-- It might even be best to redo Acct.# 2 as well. Get them one right after the other!

-- When you do the fix with HJT, fix ONLY these entries, if they exist --> O17 - HKLM\System\CCS\Services\Tcpip\..\{C55FDA9D-75CB-4F59-9101-F51BB8DD5DDA}: NameServer = 85.255.116.164 85.255.112.112

If anything else remains, we'll deal with it once I get a readable HJT log.

Hang in there - this procedure is 90% effective in removing this baddie...

Best Luck :)
PP

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.