Qoologic I can't shake it! Help Please!
blksage
Newbie
7. May 2006 @ 14:28
I have tried everything to get rid of this bug! It keeps loading sqiqt.exe and ioqmkrw.exe at startup. HJT finds the files, but doesn't delete them. Qoolfind finds them, but when I search for them on the hard drive, they are nowhere to be found.

Can anyone help?
Senior Member
7. May 2006 @ 20:10
Hi blksage, please post a HijackThis log to here and we'll help you out

Instructions for posting -> http://forums.afterdawn.com/thread_view.cfm/263784
(steps 3-5)

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
blksage
Newbie
8. May 2006 @ 19:24
Here Ya Go! Thanks for the help!

Logfile of HijackThis v1.99.1
Scan saved at 8:20:19 PM, on 5/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DropBox\DropBox\DropBox.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PaperCapture\Server\Roman\Capserve.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Mickey\LOCALS~1\Temp\Rar$EX00.016\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/...
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sqiqt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,dmoueol.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: SDWin32 Class - {DE65D61F-D457-4007-9E72-82438E049080} - blank (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [APL] "C:\Program Files\ACT\ACT for Win 7\APL.exe"
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [wa7784d9.dll] RUNDLL32.EXE wa7784d9.dll,I2 000c171a0a7784d9
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [w0dcc8b0.dll] RUNDLL32.EXE w0dcc8b0.dll,I2 000c171a00dcc8b0
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Senior Member
9. May 2006 @ 09:16
Hi again and sorry for the long wait, I've been really busy :)

Ok, you got some infections....

Cleaning instructions:

1. Move HijackThis into its own folder C:\HJT

2. Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download
We'll use it later.

3. Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
Do NOT run yet.

4. Download Look2Me-Destroyer -> http://www.atribune.org/ccount/click.php?id=7 and save it on your desktop

5. IMPORTANT: Before continuing, you MUST do the following:

->Print this or save as a textfile
->Click start -> run -> services.msc -> ok
->Check that this service is running or its startup type is automatic:
Secondary logon
->Disconnect from internet (unplug your network cable)
->Close ALL antivirus programs (this is essential!)
->Close all windows before continuing.
->Double-click Look2Me-Destroyer.exe to run it.
->Put a check next to Run this program as a task.
->You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
->When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
->Once it's done scanning, click the Remove L2M button.
->You will receive a Done Scanning message, click OK.
->When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
->Your computer will then shutdown.
->Turn your computer back on.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

6. Download BFU.zip to your desktop -> http://www.merijn.org/files/bfu.zip
Then create a new folder named BFU in C:\ and unzip BFU.zip to that folder

7. Then download qooFix.bat -> http://downloads.subratam.org/Lon/qooFix.bat
Save it to folder C:\bfu (same folder you installed BFU)

Close all other windows, including explorer folders.
Go to C:\bfu and double-click the file QooFix.bat
Choose option 1# (QoolFix autofix) and follow the instructions.
Be patient, it takes about 5 minutes.

8. Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/...
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: SDWin32 Class - {DE65D61F-D457-4007-9E72-82438E049080} - blank (file missing)
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [wa7784d9.dll] RUNDLL32.EXE wa7784d9.dll,I2 000c171a0a7784d9
O4 - HKLM\..\Run: [w0dcc8b0.dll] RUNDLL32.EXE w0dcc8b0.dll,I2 000c171a00dcc8b0
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\

9. Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml

10. Use the Windows "search" function
-> Start
-> Search
-> All files and folders
-> More advanced options

Checkmark these options:
- "Search system folders"
- "Search hidden files and folders"
- "Search subfolders"

->Search for this and delete if found: winlog.exe
->Search for this and delete if found: wa7784d9.dll
->Search for this and delete if found: w0dcc8b0.dll

11. Run ATF Cleaner -> Check select all -> Press Empty selected

12. Scan and clean your computer with Ewido and save the log file.

13. Restart your computer normally, make your hidden files invisible again

14. Download F-Secure Blacklight to your desktop -> http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe

Run a scan with Blacklight, a log named fsbl**********.log will appear on your desktop.
Do not rename/remove anything with Blacklight yet.

15. Post the following logs here:
-> a fresh HijackThis log
-> Ewido's log
-> C:\Look2Me-Destroyer.txt
-> contents of fsbl**********.log (from your desktop)

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.

This message has been edited since posting. Last time this message was edited on 9. May 2006 @ 09:20
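
Added example, not part of the original posts and not the helper's own method: a small Python triage of HijackThis lines that picks out the startup-persistence patterns visible in the log posted above (extra values on the Winlogon Shell/UserInit line, Run entries given without a directory, rundll32 loading a DLL named without a path, components with no file, and a Winlogon Notify target that is only a folder). The heuristics and function names are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import re
from ntpath import basename  # Windows path rules on any platform

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sqiqt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,dmoueol.exe
O2 - BHO: SDWin32 Class - {DE65D61F-D457-4007-9E72-82438E049080} - blank (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [wa7784d9.dll] RUNDLL32.EXE wa7784d9.dll,I2 000c171a0a7784d9
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
F2_RE = re.compile(r"^REG:system\.ini: (?P<key>Shell|UserInit)=(?P<value>.*)$", re.I)
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>.*?)\] (?P<cmd>.+)$")
EXE_RE = re.compile(
    r'^"?(?P<exe>.+?\.(?:exe|dll|com|bat|cmd|scr))(?=["\s]|$)"?(?P<rest>.*)$', re.I)
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")

# Windows XP defaults: Shell is Explorer.exe, UserInit is userinit.exe.
# Only the file name is compared here, so a wrong directory is not caught.
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def parse(log_text):
    """Return (code, body) for every 'XX - ...' entry; process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def reason_for(code, body):
    """Return why an entry deserves a closer look, or None. A flag is not a verdict."""
    if code == "F2":
        m = F2_RE.match(body)
        if m:
            items = [v.strip() for v in m.group("value").split(",") if v.strip()]
            extras = [v for v in items
                      if basename(v).lower() != EXPECTED[m.group("key").lower()]]
            if extras:
                return f"{m.group('key')} also starts: {', '.join(extras)}"
    if "(file missing)" in body or "(no file)" in body:
        # Also true of some leftovers from uninstalled legitimate software.
        return "registered component has no file behind it"
    if code == "O4":
        m = RUN_RE.match(body)
        exe = EXE_RE.match(m.group("cmd")) if m else None
        if exe:
            if basename(exe.group("exe")).lower() == "rundll32.exe":
                dll = exe.group("rest").split(",")[0].strip().strip('"')
                if dll and "\\" not in dll:
                    return f"rundll32 loads {dll} with no path"
            elif "\\" not in exe.group("exe"):
                return f"{exe.group('exe')} is given without a directory"
    if code == "O20":
        m = NOTIFY_RE.match(body)
        if m and m.group("target").endswith("\\"):
            return "Winlogon Notify target is a folder, not a DLL"
    return None


def triage(log_text):
    """Return (code, body, reason) for each flagged entry, in log order."""
    findings = []
    for code, body in parse(log_text):
        reason = reason_for(code, body)
        if reason:
            findings.append((code, body, reason))
    return findings


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

A "no file" flag also fires on harmless leftovers such as the ACT! O9 entries in the same log, so each finding still needs a person to read it.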

blksage
Newbie
9. May 2006 @ 23:31
Followed Directions, Here are the logs! Thank you so much!

S.

Logfile of HijackThis v1.99.1
Scan saved at 12:27:16 AM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DropBox\DropBox\DropBox.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sqiqt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,dmoueol.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [APL] "C:\Program Files\ACT\ACT for Win 7\APL.exe"
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [byueth] C:\WINDOWS\system32\chqmtj.exe reg_run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [xvcgu] C:\WINDOWS\system32\chqmtj.exe reg_run
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:17:51 AM, 5/10/2006
+ Report-Checksum: 69D523E6

+ Scan result:

:mozilla.723:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.733:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.737:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.738:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.795:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.796:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.797:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.798:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.801:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.802:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.803:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.804:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.805:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.806:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.807:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.808:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.809:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.810:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.820:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.823:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.839:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adtrak : Cleaned with backup
:mozilla.840:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adtrak : Cleaned with backup
:mozilla.849:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.925:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Mickey\Local Settings\Temporary Internet Files\Content.IE5\UTVN46KC\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup
C:\keyboard17.exe -> Downloader.VB.aci : Cleaned with backup
C:\LottoFun.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup
C:\Program Files\ComPlus Applications\womeveq.dll -> Downloader.Small.ctp : Cleaned with backup
C:\Program Files\Windows Media Player\wwmsetsdk.exe -> Adware.Agent : Cleaned with backup
C:\WINDOWS\mousepad17.exe -> Downloader.VB.aci : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\SYSC00.ex$ -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\explorer.exe -> Downloader.Small.cts : Cleaned with backup
C:\WINDOWS\system32\hdaiyfg.vxd -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\repairs303169584.dll -> Adware.Surfside : Cleaned with backup
C:\WINDOWS\system32\rwinkqaf.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\s_install_ID8.exe -> Downloader.Small.aav : Cleaned with backup
C:\WINDOWS\system32\unpack.exe -> Trojan.Painwin.a : Cleaned with backup


::Report End


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 5/9/2006 11:20:11 PM


Attempting to delete infected files...

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FADAE73F-108F-434E-987C-3EBFF0966322}"
HKCR\Clsid\{FADAE73F-108F-434E-987C-3EBFF0966322}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


05/10/06 00:22:28 [Info]: BlackLight Engine 1.0.36 initialized
05/10/06 00:22:28 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/10/06 00:22:28 [Note]: 7019 4
05/10/06 00:22:28 [Note]: 7005 0
05/10/06 00:22:33 [Note]: 7006 0
05/10/06 00:22:33 [Note]: 7011 1864
05/10/06 00:22:33 [Note]: 7026 0
05/10/06 00:22:34 [Note]: 7026 0
05/10/06 00:22:41 [Note]: FSRAW library version 1.7.1015
05/10/06 00:26:21 [Note]: 2000 1006
05/10/06 00:26:31 [Note]: 7007 0
aabbccdd
Suspended permanently
10. May 2006 @ 01:27
Here's mine, how's it look?

Logfile of HijackThis v1.99.1
Scan saved at 4:22:22 AM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOGUARD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRAM FILES\SLYSOFT\ANYDVD\ANYDVD.EXE
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\Documents and Settings\Led Zeppelin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

This message has been edited since posting. Last time this message was edited on 10. May 2006 @ 01:28

Senior Member
10. May 2006 @ 02:53
@blksage

Ok good, let's clean the leftovers:

Fix the following entries with HijackThis:

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sqiqt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,dmoueol.exe
O4 - HKLM\..\Run: [byueth] C:\WINDOWS\system32\chqmtj.exe reg_run
O4 - HKCU\..\Run: [xvcgu] C:\WINDOWS\system32\chqmtj.exe reg_run

Make your hidden files visible and delete this folder:
C:\Program Files\AWS

Make your hidden files invisible and post a fresh HijackThis log to here.

---------------------------------------------------------
@aabbccdd

Ok, that Trendmicro software is just a firewall, right?

Your log is clean, just a few leftovers. Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =



This message has been edited since posting. Last time this message was edited on 10. May 2006 @ 02:53
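
An added example (not part of the original posts, and not code from HijackThis or any tool named in the thread): a small Python triage of HijackThis log lines that flags the kinds of entries listed for fixing in the post above, namely extra programs appended to the `Shell`/`UserInit` values and one executable started from several `Run` values. The baseline values, the rule names and the duplicate-target heuristic are assumptions of this example; the sample lines are copied from the thread.

```python
import re
from collections import defaultdict

# Sample input: entries quoted in this thread, plus two benign lines for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sqiqt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,dmoueol.exe
O4 - HKLM\..\Run: [byueth] C:\WINDOWS\system32\chqmtj.exe reg_run
O4 - HKCU\..\Run: [xvcgu] C:\WINDOWS\system32\chqmtj.exe reg_run
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Executable part of a Run command: a quoted path, or everything up to ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.I)


def _is_baseline(key, item):
    """Assumed Windows XP defaults: Shell=Explorer.exe, UserInit=...\\system32\\userinit.exe"""
    low = item.lower()
    if key == "shell":
        return low == "explorer.exe"
    return low == "userinit.exe" or low.endswith("\\system32\\userinit.exe")


def _executable(command):
    """Return the lower-cased executable path of a Run command line."""
    m = EXE_RE.match(command.strip())
    if not m:
        return command.split()[0].lower()
    return (m.group(1) or m.group(2)).lower()


def triage(log_text):
    """Return a list of (rule, target, detail) tuples for entries worth a closer look."""
    findings = []
    run_targets = defaultdict(set)  # executable -> {(hive, value name)}

    for raw in log_text.splitlines():
        line = raw.strip()

        m = F2_RE.match(line)
        if m:
            key = m.group(1).lower()
            # The value is a comma-separated list; anything beyond the
            # default program is started at every logon as well.
            for item in (p.strip() for p in m.group(2).split(",")):
                if item and not _is_baseline(key, item):
                    findings.append(("F2-extra-" + key, item, line))
            continue

        m = O4_RE.match(line)
        if m:
            hive, _subkey, name, command = m.groups()
            run_targets[_executable(command)].add((hive, name))

    # Heuristic (assumption): one binary registered under several differently
    # named Run values, as chqmtj.exe is in the log above.
    for exe, sources in sorted(run_targets.items()):
        if len(sources) > 1:
            detail = ", ".join(f"{h}:{n}" for h, n in sorted(sources))
            findings.append(("O4-duplicate-target", exe, detail))
    return findings


if __name__ == "__main__":
    for rule, target, detail in triage(SAMPLE_LOG):
        print(f"{rule:22} {target}  <- {detail}")
```

A finding here is only a pointer for manual review; legitimate software can also add itself to these values.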

aabbccdd
Suspended permanently
10. May 2006 @ 09:52
I have Trend Micro PC-cillin Internet Security 2006

Thanks for the info. I checked and deleted them, but I don't think it's fixed. Here's a fresh log. The insightbb.com is my homepage, though.

Logfile of HijackThis v1.99.1
Scan saved at 1:05:53 PM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOGUARD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRAM FILES\SLYSOFT\ANYDVD\ANYDVD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\WinPortrait\floater.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\Documents and Settings\Led Zeppelin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

This message has been edited since posting. Last time this message was edited on 10. May 2006 @ 10:10

Senior Member
10. May 2006 @ 10:26
@aabbccdd

Ok, that entry wasn't whole in your first log but it is ok now.

You seem to have two antiviruses running at the same time, TrendMicro and avast. (The TrendMicro is an internet security version; it includes firewall & antivirus.)

Running two antiviruses at the same time is not recommended (might cause freezes, slowdowns etc.).

You should either disable TrendMicro's antivirus from its settings or remove avast through Control Panel -> Add/Remove Programs. (If you decide to remove the whole TrendMicro software, you should install a new firewall too.)


This message has been edited since posting. Last time this message was edited on 10. May 2006 @ 10:27

aabbccdd
Suspended permanently
10. May 2006 @ 10:39
Yeah, I am going to uninstall the avast. My IE got hijacked early last week, so I was trying different programs.

My Trend Micro is quarantining this TROJ_ZLOB.NU but my system seems to be running fine. Am I OK?

Thanks for the help

This message has been edited since posting. Last time this message was edited on 10. May 2006 @ 10:39

Senior Member
10. May 2006 @ 10:39
Ok, let's see if you're clean:

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.

(Some antiviruses recognise process.exe as malware. It is not malware, it is a program that stops processes.)

aabbccdd
Suspended permanently
10. May 2006 @ 23:37
I open it and don't see an option 1. This is what I am getting: it says press any key, and after I press a key it (the box) disappears. Does this mean I am clean?

This message has been edited since posting. Last time this message was edited on 10. May 2006 @ 23:46

Senior Member
11. May 2006 @ 03:39
Ok, your antivirus seems to remove this process.exe file (it thinks that it is malware)

Did you get any warning about this process.exe file when you downloaded the smitfraudfix.zip? If you got one, you should download smitfraudfix again and this time, allow it.


aabbccdd
Suspended permanently
11. May 2006 @ 10:52
I have tried it 20 times; that's all I get. I will post some screenshots later. I am not going to turn off the Trend Micro to do it since I've had too many problems. I am going to re-format in a month or so anyway.

This message has been edited since posting. Last time this message was edited on 11. May 2006 @ 10:53

Senior Member
11. May 2006 @ 21:09
Ok it doesn't work because it is missing a component (process.exe file).

But TrendMicro has probably deleted that trojan infection...

You could update your Ewido and run a scan with it, save the log and post it to here when ready.

aabbccdd
Suspended permanently
11. May 2006 @ 23:35
Trend Micro is quarantining the virus TROJ_ZLOB.NU, NOT cleaning it. The Ewido comes up clean on a scan.
Senior Member
12. May 2006 @ 10:04
Ok good, are you having any other problems?

aabbccdd
Suspended permanently
12. May 2006 @ 10:57
Everything seems to be running fine, other than I have lost 2 gigs of hard drive space for no reason. Running "Necrofile" now to see if I can get it back; will let you know. Thanks for the help.
Senior Member
12. May 2006 @ 11:02
You're welcome :)

aabbccdd
Suspended permanently
13. May 2006 @ 01:16
JaPAK, I can't seem to boot into safe mode without crashing Windows to do it, lol. When I finally got into safe mode I did a couple of scans: Ewido came up clean but SpySweeper came up with trojan agent winlogon hook. Is this stuff reinstalling when I reboot? And can I get rid of all this stuff for good without reformatting? Here's a fresh HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 4:17:32 AM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOGUARD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\PROGRAM FILES\SLYSOFT\ANYDVD\ANYDVD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\WinPortrait\floater.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\Documents and Settings\Led Zeppelin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

This message has been edited since posting. Last time this message was edited on 13. May 2006 @ 01:21

Senior Member
13. May 2006 @ 02:47
Ok, your log looks clean.

Does the SpySweeper give you a location of that trojan ?

aabbccdd
Suspended permanently
13. May 2006 @ 10:15
No, SpySweeper is quarantining it. Guess I need to figure out a way to run SmitfraudFix to fix whatever this is, right?
Senior Member
13. May 2006 @ 10:53
Ok. Check from TrendMicro's settings if there is an option not to scan inside packed files (.zip files). If there is one, disable the packed files scanning and then download smitfraudfix.zip again to your desktop.

Then unplug your internet cable and disable the whole trendmicro.

Unzip smitfraudfix.zip (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Save the contents of that textfile to your desktop.

Enable/Restart Trendmicro and enable the packed files scanning.

Re-plug your internet cable.

Post the contents of that smitfraudfix textfile to here.

aabbccdd
Suspended permanently
13. May 2006 @ 13:02
I disabled EVERYTHING and SmitfraudFix still won't run. I am going to have to figure it out on my end, I guess. Sorry to waste your time, JaPAK. Thanks for all the great help.
Senior Member
13. May 2006 @ 21:10
Ok, did you try disabling the antivirus before downloading smitfraudfix? If not, TrendMicro has probably once again deleted that one file that belongs to the fix.
