Virus/Malware? Log of HijackThis
PatHL
Newbie
4. April 2006 @ 14:04
Hi --

When browsing the web, I forgot for some time to switch ZoneAlarm on, and as a result, I think my computer got infected with something. I ran Spybot and cleaned some spyware, but a pesky "red icon" your computer is infected remains at the bottom right corner in the icon-tray. Does anyone have more insights? Find below my log-file from HJT.

Much obliged,

-- PatHL




Logfile of HijackThis v1.99.1
Scan saved at 6:02:12 PM, on 4/4/06
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\system32\mobsync.exe
C:\WINNT\System32\PRPCUI.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\System32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINNT\System32\usbtcpip.exe
C:\winstall.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\stickies\stickies.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Gigabyte\Gigabyte GN-WMAG 802.11g WLan (ATS)\G-EzLink.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: CM BHO - {6379A99A-9102-446C-A837-0623E1810D75} - C:\Program Files\Crystalys media\cm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CMLoader] rundll32.exe "c:\program files\crystalys media\cm.dll",MakeInjection
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [Zwq7RhJ8T] usbtcpip.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\2\E_SRCV03.EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: GN-WMAG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WMAG 802.11g WLan (ATS)\G-EzLink.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\PROGRA~1\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_05) -
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - AppInit_DLLs: NVDESK32.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
-kemisti-
AfterDawn Addict
4. April 2006 @ 22:50
Hi PatHL

You have a smitfraud infection.

Download smitrem to the desktop (http://noahdfear.geekstogo.com/click%20counter/click.php?id=1)
Double-click it and then Start -> you'll get a smitrem folder on your desktop.

Get Ewido
http://www.ewido.net/en/download/
install and update it. Don't run it yet!

Boot into safe mode (press F8 while booting)

Open HijackThis, click "Do a system scan only" and checkmark these:

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: CM BHO - {6379A99A-9102-446C-A837-0623E1810D75} - C:\Program Files\Crystalys media\cm.dll
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [CMLoader] rundll32.exe "c:\program files\crystalys media\cm.dll",MakeInjection
O4 - HKCU\..\Run: [Zwq7RhJ8T] usbtcpip.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_05) -
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -


Close all other windows and click "Fix checked".

Then open the smitrem folder and double-click RunThis.bat. Follow the instructions.

After this, do a full scan with Ewido and save the log.

Delete if still found:

C:\WINNT\nem220.dll
C:\Program Files\Crystalys media
C:\Program Files\Daily Weather Forecast
C:\winstall.exe
C:\WINNT\web\related.htm

Boot back into normal mode. Send Ewido's log, a new HijackThis log and the contents of the C:\smitfiles.txt file.

This message has been edited since posting. Last time this message was edited on 4. April 2006 @ 23:28
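
A follow-up check for the "send a new HijackThis log" step above, as an added example that is not part of the original thread: it parses HijackThis entries and reports which fix-list items and "delete if still found" paths still show up in a later log. The fix list and paths are copied from the post; the follow-up log is constructed sample data, and all function names are this example's own.

```python
import re
from typing import NamedTuple

# Subset of the entries the helper asked to fix, copied from the post above.
FIX_LIST = r"""
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: CM BHO - {6379A99A-9102-446C-A837-0623E1810D75} - C:\Program Files\Crystalys media\cm.dll
O4 - HKLM\..\Run: [CMLoader] rundll32.exe "c:\program files\crystalys media\cm.dll",MakeInjection
O4 - HKCU\..\Run: [Zwq7RhJ8T] usbtcpip.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
"""

# "Delete if still found" paths, copied from the post above.
DELETE_IF_FOUND = [
    r"C:\WINNT\nem220.dll",
    r"C:\Program Files\Crystalys media",
    r"C:\Program Files\Daily Weather Forecast",
    r"C:\winstall.exe",
    r"C:\WINNT\web\related.htm",
]

# CONSTRUCTED follow-up log (not from the thread): some entries survive with
# different letter case or a different file path, as can happen after a partial fix.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINNT\Explorer.EXE
C:\WINSTALL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: CM BHO - {6379a99a-9102-446c-a837-0623e1810d75} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [Zwq7RhJ8T] C:\WINNT\System32\usbtcpip.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
"""

class Entry(NamedTuple):
    section: str  # e.g. "O4"
    kind: str     # text before the first ": ", e.g. "HKCU\..\Run" ("" if none)
    body: str     # text after the kind
    raw: str      # the line as logged

ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME_RE = re.compile(r"^\[(.+?)\]")

def parse_hjt(text):
    """Return (running_processes, entries) parsed from a HijackThis log."""
    procs, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            kind, sep, body = m.group(2).partition(": ")
            if not sep:                      # e.g. O6 lines have no "kind:"
                kind, body = "", m.group(2)
            entries.append(Entry(m.group(1), kind, body, line))
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def identity(e):
    """Key that survives path and case changes: Run value name or CLSID."""
    if e.section == "O4":
        m = RUN_NAME_RE.match(e.body)
        if m:
            return (e.section, e.kind.lower(), m.group(1).lower())
    m = CLSID_RE.search(e.body)
    if m:
        return (e.section, e.kind.lower(), m.group(0).lower())
    return (e.section, " ".join(e.raw.lower().split()))

def persisting(fix_list, after_log):
    """Fix-list lines whose identity is still present in the later log."""
    _, wanted = parse_hjt(fix_list)
    _, now = parse_hjt(after_log)
    present = {identity(e) for e in now}
    return [e.raw for e in wanted if identity(e) in present]

def still_running(delete_paths, after_log):
    """Running processes that are, or live under, a path marked for deletion."""
    procs, _ = parse_hjt(after_log)
    targets = [p.lower().rstrip("\\") for p in delete_paths]
    return [p for p in procs
            if any(p.lower() == t or p.lower().startswith(t + "\\") for t in targets)]

if __name__ == "__main__":
    for line in persisting(FIX_LIST, AFTER_LOG):
        print("still present:", line)
    for proc in still_running(DELETE_IF_FOUND, AFTER_LOG):
        print("still running:", proc)
```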

PatHL
Newbie
6. April 2006 @ 10:32
kemisti --

Thanks a lot for your help analyzing the HjT log-file. Ewido got rid of a lot of stuff so I hope my computer is far cleaner than b4.

-- PatHL.



Here are the logs you requested:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:14:53 AM, 4/6/06
+ Report-Checksum: E12CB36F

+ Scan result:

HKLM\SOFTWARE\AutoLoader -> Adware.Apropos : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CLSID -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CurVer -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj.1 -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTbar.BarObj -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTbar.BarObj\CLSID -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Adware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Adware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Adware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Adware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Adware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CLSID -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CurVer -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag.1 -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\ISTbar -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\ISTbar\Historyfiles -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\ISTbar\Historystring -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Media Access -> Adware.WinAD : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access -> Adware.WinAD : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1614895754-484763869-854245398-1001\Software\IST -> Adware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1614895754-484763869-854245398-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\GAIN -> Adware.Gator : Cleaned with backup
HKU\S-1-5-21-1614895754-484763869-854245398-1001\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1614895754-484763869-854245398-1001\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1614895754-484763869-854245398-1001\Software\Classes\CLSID\CLSID\{6379A99A-9102-446C-A837-0623E1810D75} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1614895754-484763869-854245398-1001_Classes\CLSID\CLSID\{6379A99A-9102-446C-A837-0623E1810D75} -> Adware.Generic : Cleaned with backup
:mozilla.42:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.66:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.67:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.69:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.70:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.90:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.91:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.92:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.93:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.95:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.96:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.97:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.98:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.100:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.101:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.123:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.124:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.125:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.126:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.127:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.160:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.169:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.170:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.171:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.172:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.173:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.178:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.183:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.184:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.185:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.186:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.214:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.215:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.227:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.234:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.240:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.241:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.242:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.253:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.254:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.268:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.269:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.332:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.333:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.334:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.335:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.336:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.338:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.339:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.340:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.341:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.342:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.343:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.344:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.346:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.363:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.365:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.366:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.369:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.372:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.389:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.390:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.391:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.392:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.393:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.401:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.406:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.418:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.425:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.426:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.427:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.465:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.466:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.475:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.515:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.516:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.533:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.535:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.536:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.537:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.538:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.539:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.540:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.541:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.542:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.554:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.574:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.575:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.587:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.588:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
:mozilla.604:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.613:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.I12 : Cleaned with backup
:mozilla.618:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.619:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.620:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.621:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.631:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.632:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.647:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.648:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.664:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.665:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.685:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.688:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.689:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.690:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.691:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned with backup
:mozilla.696:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.697:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.706:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.710:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.713:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@c4.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@www.goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@xxxtoolbar[2].txt -> TrackingCookie.Xxxtoolbar : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\cguser\Cookies\cguser@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\cguser\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@admonitor[1].txt -> TrackingCookie.Admonitor : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ads.enliven[2].txt -> TrackingCookie.Enliven : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ads.link4ads[2].txt -> TrackingCookie.Link4ads : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ads.link4ads[3].txt -> TrackingCookie.Link4ads : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@advertising[3].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@bfast[3].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@centrport[2].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@fastclick[4].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@focalink[1].txt -> TrackingCookie.Focalink : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@mediaplex[3].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@preferences[1].txt -> TrackingCookie.Preferences : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@rd.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@servedby.advertising[3].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@valueclick.ne[1].txt -> TrackingCookie.Ne : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@www.commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@www.qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@x10[1].txt -> TrackingCookie.X10 : Cleaned with backup
C:\Downloads\MediaAccess.exe -> Adware.WinAD : Cleaned with backup
C:\HJT\backups\backup-20060404-174911-186.dll -> Adware.WinAD : Cleaned with backup
C:\HJT\backups\backup-20060405-121708-253.dll -> Downloader.Dyfuca : Cleaned with backup
C:\HJT\backups\backup-20060405-121708-739.dll -> Downloader.IstBar : Cleaned with backup
C:\possible_spyware.zip/winstall.e_e -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
C:\Program Files\AutoUpdate -> Adware.Apropos : Cleaned with backup
C:\Program Files\AutoUpdate\AutoUpdate.exe -> Adware.Apropos : Cleaned with backup
C:\Program Files\AutoUpdate\libexpat.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Ljjhe\Tjatq.exe -> Trojan.Small.cy : Cleaned with backup
C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup
C:\Program Files\Media Access\MediaAccess.exe -> Adware.MediaAccess : Cleaned with backup
C:\Program Files\Power Scan -> Adware.PowerScan : Cleaned with backup
C:\Program Files\SideFind -> Adware.SideFind : Cleaned with backup
C:\Program Files\SideFind\update -> Adware.SideFind : Cleaned with backup
C:\WINNT\system32\checkIn.dll -> Trojan.Dialer.ks : Cleaned with backup
C:\WINNT\system32\usbtcpip.exe -> Downloader.Apropo.t : Cleaned with backup
C:\WINNT\wsem303.dll -> Downloader.Dyfuca.dt : Cleaned with backup


::Report End





Logfile of HijackThis v1.99.1
Scan saved at 7:06:43 AM, on 4/6/06
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\PRPCUI.exe
C:\WINNT\System32\MsgSys.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Gigabyte\Gigabyte GN-WMAG 802.11g WLan (ATS)\G-EzLink.exe
C:\Program Files\stickies\stickies.exe
C:\WINNT\System32\MsiExec.exe
C:\HJT\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\2\E_SRCV03.EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: GN-WMAG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WMAG 802.11g WLan (ATS)\G-EzLink.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\PROGRA~1\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - AppInit_DLLs: NVDESK32.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe






PatHL
Newbie
6. April 2006 @ 10:38

This message has been edited since posting. Last time this message was edited on 6. April 2006 @ 14:44

PatHL
Newbie
6. April 2006 @ 10:46

This message has been edited since posting. Last time this message was edited on 6. April 2006 @ 14:46

PatHL
Newbie
6. April 2006 @ 10:49

This message has been edited since posting. Last time this message was edited on 6. April 2006 @ 14:59

-kemisti-
AfterDawn Addict
6. April 2006 @ 22:40
Hi PatHL

Those logs look good

However, I still need this: contents of C:\smitfiles.txt file

Also, please run aproposfix:

Download aproposfix:

http://swandog46.geekstogo.com/aproposfix.exe

Save it on desktop. Don't run it yet

Boot in safe mode (tap F8 while booting)

In safe mode, double-click aproposfix.exe and extract it on desktop in its own folder.

Double-click runthis.bat and follow instructions

Reboot, send log.txt from aproposfix folder and contents of C:\smitfiles.txt file.
PatHL
Newbie
10. April 2006 @ 08:23
Kemisti -

I appreciate your last note. See below the output of the smitfile and log from the aproposfix. By the way, I'd like to learn a bit more of how to interpret and understand better the output of HjT and malware related issues. Can you recommend a guide or place I could go to read up on such issues?

-- PatHL.




smitRem © log file
version 2.8

by noahdfear


Microsoft Windows 2000 [Version 5.00.2195]
The current date is: Wed 04/05/2006
The current time is: 15:04:36.81

Running from
C:\Documents and Settings\cguser\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Crystalys Media folder


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 184 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Crystalys Media folder


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)








Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\cguser\Desktop\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!
-kemisti-
AfterDawn Addict
10. April 2006 @ 09:35
PatHL
Newbie
10. April 2006 @ 10:12
Kemisti --

Strange. I followed the instruction (from the link you sent me), but my "Program Files" folder has no trace of the Crystals media folder. Indeed, I did a search for that folder name on my entire HD, but couldn't find it anywhere.

What am I doing wrong?

-- PatHL.
-kemisti-
AfterDawn Addict
10. April 2006 @ 21:46
Ok, that's just a shortcut. Check your desktop for a crystalys media icon and delete it if found.