Help - Search - Members - Calendar
Full Version: HjT Logfile~Pandy
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
pandy
Mar 2 2006, 05:39 PM
Greetings Bobbi,
I have completed the Vundo fix by Atri. Also the Ewido Scan. Here is my sister's Hjt Logfile as per your instructions. There is no hurry as I have to run unexpectedly. Thank You for you previous help Bobbi. I hope I have done well.

Logfile of HijackThis v1.99.1
Scan saved at 12:34:21 PM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1132193613\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AOLCOM~2\ACCAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1132193613\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1132193613\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...VxBi3BNkPNJ8VpH
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07a66875-05c8-485c-bb79-cd0d823bd3d8} - C:\WINDOWS\system32\ivngjwuv.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132193613\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~2\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [UltimateBuddy] C:\Program Files\UltimateBuddy\UltimateBuddy.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm528YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\-- Look for another playground --.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\-- Look for another playground --.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\AIM95_c0\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/ve...n7/DLHelper.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortuneroom.microgaming.com/fortuneroom/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{454A7AB9-3777-46DE-91CC-387CD115DF61}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

And Then The Ewido Scan File

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:04:47 PM, 3/2/2006
+ Report-Checksum: 28398750

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{EFDAC3FE-F44A-4030-8589-1E23BC6573D5} -> Hijacker.Morwillsearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFDAC3FE-F44A-4030-8589-1E23BC6573D5} -> Hijacker.Morwillsearch : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts\Travel.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@c1.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@centrport[2].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@counter6.-- The nicest hobby on Earth ;) --tracker[1].txt -> TrackingCookie.-- The nicest hobby on Earth ;) --tracker : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@cs.-- The nicest hobby on Earth ;) --counter[2].txt -> TrackingCookie.-- The nicest hobby on Earth ;) --counter : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfk4omczkep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfk4qlcpgco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfk4ujdpieo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfkiapajslo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfkiapajwgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfkiegcpodp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfkoegczedq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfkoghc5afo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfkoqid5gbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfkosidpcfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfkycgczoeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfkysoazwhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfkywmajieo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfl4emdzseo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfligpd5aho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wflikocpafp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wflykpajcho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wflyukc5sbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfmiomajidp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfmyemazkbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfmyohazsfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfmyqgcpeko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wfmyqicpido.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wgk4cncjecq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wgk4kndpelq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wgk4sjdjcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wgkiahcziko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wgkigjdpcco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wgkiqjdjodp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wgkocldzsgp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wgkyakdjwgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wgkyslcjkho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wgkysnc5ego.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjk4eodpiao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjk4klc5agp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkocodjsap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkokncjieo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkosld5wgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkosocjckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkowgdpkcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkowndjsgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkycoazskp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkyeiczodq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkyejdpilq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkyeldjgdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkyggdzobp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkyghazclp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkykidjaho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkyqhc5alo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjkyuhajgko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjl4agcpobp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjl4kpazsgp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjl4onazmao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjl4umazaho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjlichajmbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjloalc5igp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjloamdzwlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjlogldjglq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjlogndjwap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjlosodzcgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjlyapczsdq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjlygndpahp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjlysjd5sco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjlywjdjifq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjlywnajggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjmiujd5ako.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjmyckdjwhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjmykgdjchp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjmyonc5odo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjmyskcpgho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjmyumc5mfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjny-1nczik.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjny-1sajoe.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjnyapdjigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjnycodjscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjnygicpslo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjnyglajwgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjnyqid5clo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjnyqkdjsgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjnysocjcdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjnyugcpelo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@e-2dj6wjnywmd5mbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-accuweather.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-advanceauto.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-autozone.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-cafepress.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-communityconnect.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-foxsports.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-fxcm.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-meguiarsinc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-neteller.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-netquote.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-osiris.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-playboy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-samsungusa.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-sbgeuro.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-teococorp.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-worldwildlifefund.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg-yamahamotors.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@marketworksinc.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@roispy[1].txt -> TrackingCookie.Roispy : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@-- The nicest hobby on Earth ;) --tracker[1].txt -> TrackingCookie.-- The nicest hobby on Earth ;) --tracker : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@snagajob.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@sonycorporate.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@www.girlporn.com.22545.fb.dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@www.goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@www.xxxporn.com.22545.fb.dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Rentway\Cookies\rentway@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@counter7.-- The nicest hobby on Earth ;) --tracker[1].txt -> TrackingCookie.-- The nicest hobby on Earth ;) --tracker : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@e-2dj6wjk4ehazkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@e-2dj6wjkoogc5iaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@e-2dj6wjnyondjaap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@ehg-neteller.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@ehg-traderpublishing.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@-- The nicest hobby on Earth ;) --tracker[1].txt -> TrackingCookie.-- The nicest hobby on Earth ;) --tracker : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@trafficmp[2
Bobbi Flekman
Mar 2 2006, 05:49 PM
Hey Panda!

from what I see you did great. Only it didn't all fit in one post. Can you post the rest as well.

Please create a list of programs that can be removed using Add/Remove Programs
Start HiJackThis. Click "Config"->"Misc Tools"->"Open Uninstall Manager" ->"Save List".
Save the log to a convenient location, and copy it into this thread.

I see a few things left in the HijackThis log that can be easily solved through Add/Remove. So we'll try that first before doing it the manual way through HijackThis.
pandy
Mar 3 2006, 04:56 AM
hello.gif Bobbi sorry about the missing part. I hope this is it.

C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temp\Cookies\rentway@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Rentway\Local Settings\Temporary Internet Files\Content.IE5\8HUBOLYR\WinAntiSpyware2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\Documents and Settings\Rentway\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Rentway\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Rentway\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Rentway\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Common Files\WinSoftware\CrXML.dll -> Adware.Winfixer : Cleaned with backup
C:\Program Files\Common Files\WinSoftware\PCheck.dll -> Adware.Winfixer : Cleaned with backup
C:\WINDOWS\SYSTEM32\DRIVERS\df_kmd.sys -> Rootkit.Agent.af : Cleaned with backup
C:\WINDOWS\SYSTEM32\ssttq.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__iuewnotu.dll -> Adware.BHO : Cleaned with backup


::Report End

And here is the saved Add/Remove programs list from HjT

7Sultans Online -- Look for another playground --
Absolute Poker
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
AIM+ (remove only)
Americas Cardroom (remove only)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Computer Check-Up
AOL Connectivity Services
AOL Instant Messenger
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Banctec Service Agreement
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support 5.0.0 (630)
Digital Line Detect
ewido anti-malware
HijackThis 1.99.1
HollywoodPoker.com (remove only)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2005-06-26
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
JetSetPoker
lamborghini ScreenSaver
Learn2 Player (Uninstall Only)
Lyra Jukebox Applications
Macromedia Shockwave Player
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Helper
Musicmatch® Jukebox
My Way Search Assistant
NetWaiting
Pacific Poker
PartyPoker
Poker World
POKER4EVER
PokerHost
PowerDVD 5.3
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Titan Poker
Total Poker
UBNet
UltimateBet
UltimateBuddy
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Vegas Palms Online -- Look for another playground --
Viewpoint Media Player
WildTangent Web Driver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WordPerfect Office 12
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Bobbi Flekman
Mar 3 2006, 01:10 PM
Hey Pandy,

Java 2 Runtime Environment, SE v1.4.2_03 <-- This is really old... An accident waiting to happen. Please update this to 1.5.

Is your sister a gambler? I see an awful lot of gambling programs. Seems Poker is a favorite... If she installed them leave them be, otherwise you can uninstall the following programs.
  • 7Sultans Online Casino
  • Absolute Poker
  • Americas Cardroom (remove only)
  • HollywoodPoker.com (remove only)
  • JetSetPoker
  • Pacific Poker
  • PartyPoker
  • Poker World
  • POKER4EVER
  • PokerHost
  • Titan Poker
  • Total Poker
  • UBNet
  • UltimateBet
  • UltimateBuddy
  • Vegas Palms Online Casino

Open "Add/Remove Programs" in the Control Panel. Select the following items:
  • My Way Search Assistant
and click "Remove" for each of them. If one of the uninstallers wants to download stuff or needs an Internet connection, skip that one and report them to me.

Afterwards I would like to see a new log from HijackThis. How's the system running?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2010 Invision Power Services, Inc.