Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Taken Over


  • This topic is locked This topic is locked
12 replies to this topic

#1 Doughigh

Doughigh

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 05 February 2006 - 10:55 AM

I think I have been hijacked. I have tried everythin I know (not that much) :thumbsup: and now need some help.

Here's the log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:06:09 AM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
F:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Netscape\Netscp.exe
C:\WINDOWS\system32\shell386.exe
F:\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\mswinb32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by Doughigh, 05 February 2006 - 10:57 AM.


BC AdBot (Login to Remove)

 


#2 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:44 AM

Posted 05 February 2006 - 01:13 PM

Click here to download smitRem.exe and save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop.

Click here to download ewido security suite - it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. Do NOT run a scan yet. Exit the program.

Click here to download Ad-Aware SE 1.06 and install' if you haven't already got it. Launch Ad-aware and click on "check for updates now" to make sure you have the latest reference file. Do NOT run a scan yet. Exit the program.

Next reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive (where your operating system is installed). You will need that log later.

Launch Ad-aware again:
  • Click "Start"
  • Select "Perform Full System scan"
  • Click "Next" to start the scan.
When the scan is finished, the screen will tell you if anything has been found.
  • Click "Next". The bad files will be listed.
  • Right click the pane and click "Select all objects" - this will put a check mark in the box at the side.
  • Click "Next" again
  • Click "OK" at the prompt "# objects will be removed. Continue?".
Exit the program.

Launch ewido again:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido.

Next click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.

Reboot back into Normal Mode and click here to run ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Paste the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log in your next reply.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#3 Doughigh

Doughigh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 11 February 2006 - 07:15 PM

Well, All seems to be well, Thanks a bunch for the help :thumbsup:

Incident Status Location

Adware:adware/cashdeluxe Not disinfected C:\WINDOWS\SYSTEM32\mswinf32.dll
Adware:adware/swimsuitnetwork Not disinfected C:\WINDOWS\SYSTEM32\MYDLL.dll
Adware:adware/ist.istbar Not disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@spywarestormer[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\owner@target[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\troy fix\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\troy fix\smitRem.exe[Process.exe]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@spywarestormer[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\owner@target[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\troy fix\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\Cache\3EFBEAA3d01[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected E:\troy fix\smitRem.exe[Process.exe]
Adware:Adware/LocalNRD Not disinfected F:\undo\backup.cab[LOCALNRD.INF]
Spyware:Cookie/Rn11 Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@rn11[2].txt
Spyware:Cookie/WinFixer Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@winfixer[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@offeroptimizer[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@belnk[2].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@dist.belnk[1].txt
Spyware:Cookie/Ask Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@ask[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@ath.belnk[2].txt
Spyware:Cookie/DelfinMedia Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@delfinproject[1].txt
Spyware:Cookie/Btgrab Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@btg.btgrab[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@dist.belnk[2].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@ath.belnk[3].txt
Spyware:Cookie/Rn11 Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@rn11[3].txt
Spyware:Cookie/Hbmediapro Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@adopt.hbmediapro[2].txt
Spyware:Cookie/Azjmp Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@azjmp[2].txt
Spyware:Cookie/Target Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@target[2].txt
Spyware:Cookie/Btgrab Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@btg.btgrab[3].txt
Spyware:Cookie/OfferOptimizer Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@offeroptimizer[3].txt
Adware:Adware/Exact.BargainBuddy Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Temporary Internet Files\Content.IE5\ILQ3SZOX\pivotal_5[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y52P4POR\pivotal_3[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Temporary Internet Files\Content.IE5\QB87UNI5\CACPER0X.HTM
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\65802_144_1664_1612_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\65800_288_1704_1880_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\65808_272_1712_804_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\786698_3364_1584_2508_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\1376890_1276_1712_2600_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\7864782_3744_1716_3924_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\197246_584_1688_3772_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\393870_3744_1716_1632_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\1049372_3744_1716_3440_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\787254_3744_1716_924_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\721544_3744_1716_2308_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\1507760_3744_1716_3136_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\394302_3744_1716_3044_63.41.tmp1
Adware:Adware/Maxifiles Not disinfected F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\0PIB8LMZ\maxifilesdns[2].zip[cwebpage.dll]
Spyware:Cookie/Ask Not disinfected F:\Documents and Settings\default\Cookies\default@ask[1].txt
Spyware:Cookie/888 Not disinfected F:\Documents and Settings\default\Cookies\default@888[1].txt
Spyware:Cookie/Target Not disinfected F:\Documents and Settings\default\Cookies\default@target[1].txt
Spyware:Cookie/DelfinMedia Not disinfected F:\Documents and Settings\default\Cookies\default@delfinproject[1].txt
Spyware:Cookie/Btgrab Not disinfected F:\Documents and Settings\default\Cookies\default@btg.btgrab[2].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Cookies\default@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Cookies\default@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Cookies\default@dist.belnk[2].txt
Spyware:Cookie/Rn11 Not disinfected F:\Documents and Settings\default\Cookies\default@rn11[1].txt
Spyware:Cookie/Azjmp Not disinfected F:\Documents and Settings\default\Cookies\default@azjmp[2].txt
Spyware:Cookie/go Not disinfected F:\Documents and Settings\default\Cookies\default@go[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected F:\Documents and Settings\default\Cookies\default@adultfriendfinder[2].txt
Spyware:Cookie/Searchportal Not disinfected F:\Documents and Settings\default\Cookies\default@searchportal.information[1].txt
Spyware:Cookie/Maxifiles Not disinfected F:\Documents and Settings\default\Cookies\default@www.maxifiles[1].txt
Spyware:Cookie/Hbmediapro Not disinfected F:\Documents and Settings\default\Cookies\default@adopt.hbmediapro[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected F:\Documents and Settings\default\Cookies\default@offeroptimizer[1].txt
Spyware:Cookie/360i Not disinfected F:\Documents and Settings\default\Cookies\default@ct.360i[2].txt
Spyware:Cookie/Netster Not disinfected F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt[]
Spyware:Cookie/Ask Not disinfected F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt[]
Spyware:Cookie/Ask Not disinfected F:\Documents and Settings\LocalService\Cookies\system@ask[1].txt
Spyware:Cookie/WinFixer Not disinfected F:\Documents and Settings\LocalService\Cookies\system@winfixer[2].txt
Spyware:Cookie/888 Not disinfected F:\Documents and Settings\LocalService\Cookies\system@888[2].txt
Spyware:Cookie/Media-motor Not disinfected F:\Documents and Settings\LocalService\Cookies\system@mmm.media-motor[1].txt
Spyware:Cookie/Maxifiles Not disinfected F:\Documents and Settings\LocalService\Cookies\system@www.maxifiles[1].txt
Spyware:Cookie/Hbmediapro Not disinfected F:\Documents and Settings\LocalService\Cookies\system@adopt.hbmediapro[2].txt
Spyware:Cookie/Media-motor Not disinfected F:\Documents and Settings\LocalService\Cookies\system@mmm.media-motor[2].txt
Spyware:Cookie/WinFixer Not disinfected F:\Documents and Settings\LocalService\Cookies\system@winfixer[1].txt
Spyware:Cookie/Azjmp Not disinfected F:\Documents and Settings\LocalService\Cookies\system@azjmp[2].txt


Logfile of HijackThis v1.99.1
Scan saved at 10:06:09 AM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
F:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Netscape\Netscp.exe
C:\WINDOWS\system32\shell386.exe
F:\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\mswinb32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Logfile of HijackThis v1.99.1
Scan saved at 10:06:09 AM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
F:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Netscape\Netscp.exe
C:\WINDOWS\system32\shell386.exe
F:\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\mswinb32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missi

Edited by Doughigh, 11 February 2006 - 07:17 PM.


#4 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:44 AM

Posted 11 February 2006 - 09:55 PM

Could you repost the HJT log - that one is incomplete.

Please post the other two logs I requested also.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#5 Doughigh

Doughigh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 12 February 2006 - 07:26 PM

I thought I had sent it all sorry

Incident Status Location

Adware:adware/cashdeluxe Not disinfected C:\WINDOWS\SYSTEM32\mswinf32.dll
Adware:adware/swimsuitnetwork Not disinfected C:\WINDOWS\SYSTEM32\MYDLL.dll
Adware:adware/ist.istbar Not disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@spywarestormer[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\owner@target[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\troy fix\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\troy fix\smitRem.exe[Process.exe]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@spywarestormer[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\owner@target[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\troy fix\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\Cache\3EFBEAA3d01[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected E:\troy fix\smitRem.exe[Process.exe]
Adware:Adware/LocalNRD Not disinfected F:\undo\backup.cab[LOCALNRD.INF]
Spyware:Cookie/Rn11 Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@rn11[2].txt
Spyware:Cookie/WinFixer Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@winfixer[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@offeroptimizer[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@belnk[2].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@dist.belnk[1].txt
Spyware:Cookie/Ask Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@ask[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@ath.belnk[2].txt
Spyware:Cookie/DelfinMedia Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@delfinproject[1].txt
Spyware:Cookie/Btgrab Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@btg.btgrab[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@dist.belnk[2].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@ath.belnk[3].txt
Spyware:Cookie/Rn11 Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@rn11[3].txt
Spyware:Cookie/Hbmediapro Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@adopt.hbmediapro[2].txt
Spyware:Cookie/Azjmp Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@azjmp[2].txt
Spyware:Cookie/Target Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@target[2].txt
Spyware:Cookie/Btgrab Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@btg.btgrab[3].txt
Spyware:Cookie/OfferOptimizer Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@offeroptimizer[3].txt
Adware:Adware/Exact.BargainBuddy Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Temporary Internet Files\Content.IE5\ILQ3SZOX\pivotal_5[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y52P4POR\pivotal_3[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected F:\Documents and Settings\default\Local Settings\Temp\Temporary Internet Files\Content.IE5\QB87UNI5\CACPER0X.HTM
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\65802_144_1664_1612_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\65800_288_1704_1880_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\65808_272_1712_804_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\786698_3364_1584_2508_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\1376890_1276_1712_2600_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\7864782_3744_1716_3924_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\197246_584_1688_3772_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\393870_3744_1716_1632_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\1049372_3744_1716_3440_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\787254_3744_1716_924_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\721544_3744_1716_2308_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\1507760_3744_1716_3136_63.41.tmp1
Adware:Adware/EliteBar Not disinfected F:\Documents and Settings\default\Local Settings\Temp\394302_3744_1716_3044_63.41.tmp1
Adware:Adware/Maxifiles Not disinfected F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\0PIB8LMZ\maxifilesdns[2].zip[cwebpage.dll]
Spyware:Cookie/Ask Not disinfected F:\Documents and Settings\default\Cookies\default@ask[1].txt
Spyware:Cookie/888 Not disinfected F:\Documents and Settings\default\Cookies\default@888[1].txt
Spyware:Cookie/Target Not disinfected F:\Documents and Settings\default\Cookies\default@target[1].txt
Spyware:Cookie/DelfinMedia Not disinfected F:\Documents and Settings\default\Cookies\default@delfinproject[1].txt
Spyware:Cookie/Btgrab Not disinfected F:\Documents and Settings\default\Cookies\default@btg.btgrab[2].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Cookies\default@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Cookies\default@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\default\Cookies\default@dist.belnk[2].txt
Spyware:Cookie/Rn11 Not disinfected F:\Documents and Settings\default\Cookies\default@rn11[1].txt
Spyware:Cookie/Azjmp Not disinfected F:\Documents and Settings\default\Cookies\default@azjmp[2].txt
Spyware:Cookie/go Not disinfected F:\Documents and Settings\default\Cookies\default@go[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected F:\Documents and Settings\default\Cookies\default@adultfriendfinder[2].txt
Spyware:Cookie/Searchportal Not disinfected F:\Documents and Settings\default\Cookies\default@searchportal.information[1].txt
Spyware:Cookie/Maxifiles Not disinfected F:\Documents and Settings\default\Cookies\default@www.maxifiles[1].txt
Spyware:Cookie/Hbmediapro Not disinfected F:\Documents and Settings\default\Cookies\default@adopt.hbmediapro[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected F:\Documents and Settings\default\Cookies\default@offeroptimizer[1].txt
Spyware:Cookie/360i Not disinfected F:\Documents and Settings\default\Cookies\default@ct.360i[2].txt
Spyware:Cookie/Netster Not disinfected F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt[]
Spyware:Cookie/Ask Not disinfected F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt[]
Spyware:Cookie/Ask Not disinfected F:\Documents and Settings\LocalService\Cookies\system@ask[1].txt
Spyware:Cookie/WinFixer Not disinfected F:\Documents and Settings\LocalService\Cookies\system@winfixer[2].txt
Spyware:Cookie/888 Not disinfected F:\Documents and Settings\LocalService\Cookies\system@888[2].txt
Spyware:Cookie/Media-motor Not disinfected F:\Documents and Settings\LocalService\Cookies\system@mmm.media-motor[1].txt
Spyware:Cookie/Maxifiles Not disinfected F:\Documents and Settings\LocalService\Cookies\system@www.maxifiles[1].txt
Spyware:Cookie/Hbmediapro Not disinfected F:\Documents and Settings\LocalService\Cookies\system@adopt.hbmediapro[2].txt
Spyware:Cookie/Media-motor Not disinfected F:\Documents and Settings\LocalService\Cookies\system@mmm.media-motor[2].txt
Spyware:Cookie/WinFixer Not disinfected F:\Documents and Settings\LocalService\Cookies\system@winfixer[1].txt
Spyware:Cookie/Azjmp Not disinfected F:\Documents and Settings\LocalService\Cookies\system@azjmp[2].txt



Logfile of HijackThis v1.99.1
Scan saved at 10:06:09 AM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
F:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Netscape\Netscp.exe
C:\WINDOWS\system32\shell386.exe
F:\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\mswinb32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



--------------------------------------------------------਍ഀ
ewido anti-malware - Scan report਍ഀ
---------------------------------------------------------਍ഀ
਍ഀ
+ Created on: 9:24:00 PM, 2/8/2006਍ഀ
+ Report-Checksum: D2E67C4C਍ഀ
਍ഀ
+ Scan result:਍ഀ
਍ഀ
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup਍ഀ
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup਍ഀ
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup਍ഀ
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup਍ഀ
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup਍ഀ
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup਍ഀ
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup਍ഀ
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup਍ഀ
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup਍ഀ
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup਍ഀ
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup਍ഀ
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup਍ഀ
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup਍ഀ
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup਍ഀ
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup਍ഀ
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup਍ഀ
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup਍ഀ
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup਍ഀ
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup਍ഀ
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup਍ഀ
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup਍ഀ
:mozilla.113:C:&#

#6 Doughigh

Doughigh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 12 February 2006 - 07:30 PM

I am addaing the last two again as they were cut short.

-----------------------------------------------------਍ഀ
ewido anti-malware - Scan report਍ഀ
---------------------------------------------------------਍ഀ
਍ഀ
+ Created on: 9:24:00 PM, 2/8/2006਍ഀ
+ Report-Checksum: D2E67C4C਍ഀ
਍ഀ
+ Scan result:਍ഀ
਍ഀ
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup਍ഀ
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup਍ഀ
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup਍ഀ
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup਍ഀ
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\85a7s6y0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup਍ഀ
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup਍ഀ
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup਍ഀ
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup਍ഀ
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup਍ഀ
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup਍ഀ
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup਍ഀ
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup਍ഀ
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup਍ഀ
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup਍ഀ
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup਍ഀ
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup਍ഀ
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup਍ഀ
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup਍ഀ
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup਍ഀ
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup਍ഀ
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup਍ഀ
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup਍ഀ
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup਍ഀ
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup਍ഀ
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup਍ഀ
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup਍ഀ
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup਍ഀ
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup਍ഀ
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup਍ഀ
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup਍ഀ
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup਍ഀ
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup਍ഀ
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup਍ഀ
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup਍ഀ
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup਍ഀ
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup਍ഀ
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup਍ഀ
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup਍ഀ
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup਍ഀ
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup਍ഀ
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup਍ഀ
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup਍ഀ
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4kjdzwfo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup਍ഀ
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfl4qidpclq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup਍ഀ
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoupdjgcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup਍ഀ
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjliaoc5meo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup਍ഀ
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjliwldjmao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup਍ഀ
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlycgd5ecp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup਍ഀ
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup਍ഀ
F:\Program Files\Netscape\Netscape\plugins\npzango.dll -> Adware.WinAD : Cleaned with backup਍ഀ
F:\Program Files\Microsoft AntiSpyware\Quarantine\027BC415-1D10-4A06-8333-838A65\FD43501B-1B37-434F-82DC-17AD38 -> Adware.Mirar : Cleaned with backup਍ഀ
F:\Program Files\Microsoft AntiSpyware\Microsoft AntiSpyware\Quarantine\027BC415-1D10-4A06-8333-838A65\FD43501B-1B37-434F-82DC-17AD38 -> Adware.Mirar : Cleaned with backup਍ഀ
F:\Old disk D\WIN95\MSN251.EXE/msnsetup.exe -> Heuristic.Win32.AVKiller : Cleaned with backup਍ഀ
F:\Old disk D\WIN95\MSN251.EXE/msnsetup.exe -> Heuristic.Win32.AVKiller : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@e-2dj6wfliehd5cao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@e-2dj6wfk4spczwgp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@cliks[3].txt -> TrackingCookie.Cliks : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@bestoffersnetworks[3].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\Cookies\default@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\9A.tmp -> Adware.Sahat : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Local Settings\Temp\2F.tmp -> Downloader.Agent.lg : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup਍ഀ
F:\Documents and Settings\default\Cookies\default@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup਍ഀ
:mozilla.11:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup਍ഀ
:mozilla.12:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup਍ഀ
:mozilla.13:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup਍ഀ
:mozilla.14:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup਍ഀ
:mozilla.15:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup਍ഀ
:mozilla.34:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup਍ഀ
:mozilla.38:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup਍ഀ
:mozilla.44:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup਍ഀ
:mozilla.45:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup਍ഀ
:mozilla.47:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup਍ഀ
:mozilla.49:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.50:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.51:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup਍ഀ
:mozilla.52:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup਍ഀ
:mozilla.66:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.67:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.68:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.70:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.71:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.72:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.73:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.74:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.75:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.76:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.77:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.78:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.79:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.80:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.81:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.82:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.83:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.84:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.85:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.86:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.87:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.88:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.89:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.90:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.103:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup਍ഀ
:mozilla.111:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup਍ഀ
:mozilla.112:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup਍ഀ
:mozilla.113:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup਍ഀ
:mozilla.114:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup਍ഀ
:mozilla.115:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup਍ഀ
:mozilla.121:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup਍ഀ
:mozilla.122:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup਍ഀ
:mozilla.123:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup਍ഀ
:mozilla.154:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup਍ഀ
:mozilla.155:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup਍ഀ
:mozilla.156:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup਍ഀ
:mozilla.157:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup਍ഀ
:mozilla.158:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup਍ഀ
:mozilla.172:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup਍ഀ
:mozilla.173:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup਍ഀ
:mozilla.174:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup਍ഀ
:mozilla.176:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup਍ഀ
:mozilla.177:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup਍ഀ
:mozilla.178:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup਍ഀ
:mozilla.179:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup਍ഀ
:mozilla.180:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup਍ഀ
:mozilla.198:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup਍ഀ
:mozilla.199:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup਍ഀ
:mozilla.200:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup਍ഀ
:mozilla.212:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup਍ഀ
:mozilla.213:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup਍ഀ
:mozilla.214:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup਍ഀ
:mozilla.226:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup਍ഀ
:mozilla.227:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup਍ഀ
:mozilla.228:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup਍ഀ
:mozilla.229:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup਍ഀ
:mozilla.230:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup਍ഀ
:mozilla.231:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup਍ഀ
:mozilla.232:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup਍ഀ
:mozilla.234:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup਍ഀ
:mozilla.235:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup਍ഀ
:mozilla.240:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup਍ഀ
:mozilla.241:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Donnfamily\lf8d41ve.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup਍ഀ
:mozilla.6:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.7:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.12:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.13:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.14:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.15:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup਍ഀ
:mozilla.22:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.23:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup਍ഀ
:mozilla.25:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.26:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.27:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.28:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.29:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.30:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.31:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.32:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.33:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.34:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.35:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.36:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.37:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.38:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.46:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup਍ഀ
:mozilla.47:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup਍ഀ
:mozilla.48:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup਍ഀ
:mozilla.49:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup਍ഀ
:mozilla.55:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup਍ഀ
:mozilla.59:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup਍ഀ
:mozilla.63:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup਍ഀ
:mozilla.78:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup਍ഀ
:mozilla.79:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup਍ഀ
:mozilla.80:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup਍ഀ
:mozilla.81:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup਍ഀ
:mozilla.84:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.85:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.86:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup਍ഀ
:mozilla.87:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup਍ഀ
:mozilla.92:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup਍ഀ
:mozilla.94:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup਍ഀ
:mozilla.97:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup਍ഀ
:mozilla.98:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup਍ഀ
:mozilla.99:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup਍ഀ
:mozilla.124:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup਍ഀ
:mozilla.130:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\delder\d4dr8mdx.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup਍ഀ
:mozilla.10:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.11:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.13:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.14:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.15:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup਍ഀ
:mozilla.16:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup਍ഀ
:mozilla.18:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup਍ഀ
:mozilla.19:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.20:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.21:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup਍ഀ
:mozilla.28:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.29:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.30:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.31:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.32:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.33:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.34:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup਍ഀ
:mozilla.40:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup਍ഀ
:mozilla.41:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup਍ഀ
:mozilla.42:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup਍ഀ
:mozilla.43:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup਍ഀ
:mozilla.44:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup਍ഀ
:mozilla.45:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup਍ഀ
:mozilla.46:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup਍ഀ
:mozilla.49:F:\Documents and Settings\default\Application Data\Mozilla\Profiles\Troy\676runo4.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup਍ഀ
F:\Documents and Settings\LocalService\Cookies\system@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup਍ഀ
F:\Documents and Settings\LocalService\Cookies\system@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup਍ഀ
F:\Documents and Settings\LocalService\Cookies\system@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup਍ഀ
F:\Documents and Settings\LocalService\Cookies\system@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup਍ഀ
F:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup਍ഀ
F:\Documents and Settings\LocalService\Cookies\system@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup਍ഀ
F:\Documents and Settings\LocalService\Cookies\system@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup਍ഀ
F:\Documents and Settings\LocalService\Cookies\system@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup਍ഀ
F:\Documents and Settings\LocalService\Cookies\system@vaclick.epilot[2].txt -> TrackingCookie.Epilot : Cleaned with backup਍ഀ
F:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup਍ഀ
F:\Documents and Settings\LocalService\Cookies\system@paypopup[3].txt -> TrackingCookie.Paypopup : Cleaned with backup਍ഀ
F:\Documents and Settings\LocalService\Cookies\system@tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned with backup਍ഀ
਍ഀ
਍ഀ
::Report End




smitRem log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 02/08/2006
The current time is: 19:42:19.84

Running from
C:\Documents and Settings\Administrator\troy fix\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 760 'explorer.exe'
Killing PID 760 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN!

#7 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:44 AM

Posted 13 February 2006 - 02:07 AM

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder

[*]Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll

Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.

Also, go to Jotti's malware scan

Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

C:\WINDOWS\system32\shell386.exe

Click on the submit button. Please post the results in your next reply.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#8 Doughigh

Doughigh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 13 February 2006 - 09:03 PM

Ok, done

Logfile of HijackThis v1.99.1
Scan saved at 8:49:25 PM, on 2/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
F:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\highjackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\prefs.js)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#9 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:44 AM

Posted 25 February 2006 - 10:58 AM

Please post a new HJT log - that one has a lot of entries missing that shouldn't be.

Edited by Daemon, 25 February 2006 - 10:59 AM.

Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#10 Doughigh

Doughigh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 25 February 2006 - 09:21 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:09:05 PM, on 2/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
F:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
F:\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spider.exe
C:\highjackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z6c6ro3j.slt\prefs.js)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#11 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:44 AM

Posted 26 February 2006 - 04:25 AM

That's clean. Looks like you fixed a lot more with HJT than I told you to but if it's running OK then you are good to go.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#12 Doughigh

Doughigh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 27 February 2006 - 01:59 PM

It's been flawless since doing your first "fix". I really appreciate what your are doing.

#13 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:44 AM

Posted 27 February 2006 - 03:23 PM

You're welcome - glad to help :D

To help keep you clean follow the recommendations in the article here:

So how did I get infected?



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users