
Nvctrl.exe & Mssearchnet.exe


  • This topic is locked
7 replies to this topic

#1 neotheinner

neotheinner

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:10 PM

Posted 04 March 2006 - 11:50 PM

ok here ya go, hope this will help you help me and others! I get switched outta HL2 to desktop to take a look at a stoopid ad, and also get kicked FROM GAME in BF2.


Logfile of HijackThis v1.99.1
Scan saved at 8:48:21 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Chad\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpC340.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DhcnUo] C:\WINDOWS\kqvpl.exe
O4 - HKLM\..\Run: [Dh$vš/‚‘fNb‰C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kqvpl.exe
O4 - HKLM\..\Run: [Spgfal] C:\Program Files\Vaehgi\Zqkm.exe
O4 - HKLM\..\Run: [# {"h'9œ3r WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kqvpl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Edited by neotheinner, 04 March 2006 - 11:53 PM.




#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:11:10 PM

Posted 05 March 2006 - 03:16 AM

Hello,

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

I see you don't have an antivirus and firewall installed. This is a real bad idea, because nothing prevents you from getting infected. I also see you never scanned with a decent antispyware scanner before, because I still see traces of old infections present and I know those scanners can delete them.

That's why I want you to install an antivirus and firewall first:

AVG, AntiVir OR Avast are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Zonealarm, Agnitum Outpost Free OR Kerio are FREE firewalls.

Understanding and using firewalls

* Download smitRem and save the file to your desktop.
Double-click it and choose install. This will create a new folder on your desktop with the name smitrem.

* Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Please download ATF Cleaner by Atribune.
Do not run it yet.

* Reboot into Safe Mode: (without networking support!)
To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpC340.tmp
O4 - HKLM\..\Run: [DhcnUo] C:\WINDOWS\kqvpl.exe
O4 - HKLM\..\Run: [Dh$v/fNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kqvpl.exe
O4 - HKLM\..\Run: [Spgfal] C:\Program Files\Vaehgi\Zqkm.exe
O4 - HKLM\..\Run: [# {"h'9Ӝ3r WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kqvpl.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\kqvpl.exe
C:\Program Files\Vaehgi <== folder
C:\Program Files\SurfSideKick 3 <== folder
C:\Program Files\ISTsvc <== folder

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

* Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

* Now open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

* Close Ewido

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab > uncheck and delete everything you find in there. (except for "My current home page")

* Reboot back into Windows.

* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply along with a new HijackThis Log, the contents of smitfiles.txt which is present on your Homedrive (C:\ in most cases)
and the Ewido Log by using Add Reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
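
The "if still present" check from the fix list above, as an added example that is not part of any post in this thread: it compares a fix list against a HijackThis log by section code and entry text, and also catches the two Run entries whose value names contain non-ASCII bytes that render differently in the log and in the fix list. The function names are hypothetical, and the rescan log is constructed from lines of the first log.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "R3", "O4", "O23"
    body: str  # everything after "<code> - ", exactly as written
    key: str   # normalized form used for loose comparison


# A finding line looks like "O4 - HKLM\..\Run: [Name] C:\path.exe".
# Header lines and the "Running processes" paths do not match this.
_FINDING = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")


def _normalize(text):
    """Drop everything outside printable ASCII, collapse spaces, casefold.

    Registry value names written by malware may hold bytes that each
    viewer (log file, forum page, clipboard) renders differently, so
    only the ASCII skeleton is stable across copies of the same entry.
    """
    ascii_only = "".join(ch for ch in text if " " <= ch <= "~")
    return re.sub(r"\s+", " ", ascii_only).strip().casefold()


def parse_log(text):
    """Return the finding lines of a HijackThis log as Entry records."""
    entries = []
    for raw in text.splitlines():
        match = _FINDING.match(raw.strip())
        if match:
            code, body = match.group(1), match.group(2)
            entries.append(Entry(code, body, _normalize(body)))
    return entries


def check_fix_list(fix_list, log):
    """For each fix-list entry, report whether the log still contains it.

    "present"                   : identical line found in the log
    "present-after-normalizing" : same entry once non-ASCII bytes are
                                  ignored (loose match, inspect by eye)
    "absent"                    : nothing to tick in HijackThis
    """
    log_entries = parse_log(log)
    exact = {(e.code, e.body) for e in log_entries}
    loose = {(e.code, e.key) for e in log_entries}
    results = []
    for e in parse_log(fix_list):
        if (e.code, e.body) in exact:
            status = "present"
        elif (e.code, e.key) in loose:
            status = "present-after-normalizing"
        else:
            status = "absent"
        results.append((e.body, status))
    return results


# Four entries from the fix list above (abridged).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [DhcnUo] C:\WINDOWS\kqvpl.exe
O4 - HKLM\..\Run: [Dh$v/fNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kqvpl.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
"""

# The garbled Run entry as the first log shows it, with the non-ASCII
# characters written as escapes so they are visible in the source.
GARBLED_RUN = (
    "O4 - HKLM\\..\\Run: [Dh$v\u0161/\u201a\u2018fNb\u2030"
    "C:\\Program Files\\ISTsvc\\istsvc.exe] C:\\WINDOWS\\kqvpl.exe"
)

# Constructed rescan log: lines reused from the first log, with some
# entries left out as if an earlier cleanup had already removed them.
RESCAN_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
""" + GARBLED_RUN + "\n"


if __name__ == "__main__":
    for body, status in check_fix_list(FIX_LIST, RESCAN_LOG):
        print(f"{status:27} {body}")
```

The HKLM SurfSideKick entry is reported absent even though the HKCU copy is in the rescan log, because the hive is part of the entry text.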

#3 neotheinner

neotheinner
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:10 PM

Posted 05 March 2006 - 10:22 AM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:18:43 AM, 3/5/2006
+ Report-Checksum: BCD79C0E

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.394:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.477:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.479:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.565:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.566:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.567:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.570:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.571:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.573:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.574:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.575:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.576:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.578:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.589:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.590:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.591:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.592:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.593:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.594:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.596:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.597:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.599:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.610:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.611:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.612:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.613:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.614:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.615:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.616:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.617:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.621:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.622:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.623:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.624:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.626:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.635:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.636:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.637:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.638:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.639:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.640:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.641:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.644:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.645:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.646:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.647:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.648:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.649:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.650:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.662:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.666:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.669:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.676:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.684:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.696:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.697:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.698:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.699:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.700:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.701:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.702:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.705:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.706:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.707:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.708:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.710:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.712:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.713:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.714:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.715:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.717:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.731:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.732:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.733:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.747:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.748:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.760:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.767:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.770:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.777:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.783:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.791:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.816:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.817:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.818:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.825:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.827:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.828:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.837:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.882:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.883:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.886:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.889:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.890:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.891:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.903:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.919:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.924:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.925:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.926:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.936:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.937:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.954:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.955:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.976:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.982:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.987:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.988:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.992:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Chad\Cookies\chad@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chad\Cookies\chad@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Chad\Cookies\chad@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Program Files\Distpage\Cache\00006d69_43fe04f7_000a037a -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\Program Files\YourSiteBar -> Adware.YourSiteBar : Cleaned with backup
C:\Program Files\YourSiteBar\imagemap_normal.bmp -> Adware.YourSiteBar : Cleaned with backup
C:\Program Files\YourSiteBar\version.txt -> Adware.YourSiteBar : Cleaned with backup



Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\Cache\0C4879FCd01[Process.exe]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\nz7ntwfc.default\cookies.txt[]
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Chad\Application Data\Sskcwrd.dll
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Chad\Cookies\chad@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Chad\Cookies\chad@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Chad\Cookies\chad@adopt.hbmediapro[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Chad\Cookies\chad@cassava[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Chad\Cookies\chad@did-it[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Chad\Cookies\chad@trafficmp[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Chad\Cookies\chad@z1.adserver[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Chad\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Chad\Desktop\smitRem.exe[Process.exe]

C:\Program Files\YourSiteBar\yoursitebar.xml -> Adware.YourSiteBar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\movie.ocx -> Downloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll -> Downloader.IstBar : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 7:21:51 AM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Chad\LOCALS~1\Temp\Rar$EX00.562\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Spgfal] C:\Program Files\Vaehgi\Zqkm.exe
O4 - HKLM\..\Run: [# {"h'9Ӝ3r WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kqvpl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

#4 miekiemoes

  • Malware Response Team

Posted 05 March 2006 - 10:33 AM

Hello,

You forgot some steps. I see you didn't run ATF Cleaner in the way it was asked, and you forgot to check and fix some of the items in HijackThis.
Please extract your HijackThis first, because you are still running it from its unextracted folder.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [Spgfal] C:\Program Files\Vaehgi\Zqkm.exe
O4 - HKLM\..\Run: [# {"h'9Ӝ3r WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kqvpl.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Delete this file: C:\Documents and Settings\Chad\Application Data\Sskcwrd.dll

Can you also post the log from smitrem please as I asked you before? You'll find it on your C:\ with the name smitfiles.txt

So post the smitfiles.txt and a new HijackThis log in your next reply.

Edited by miekiemoes, 05 March 2006 - 10:34 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes

  • Malware Response Team

Posted 05 March 2006 - 12:04 PM

Extra instruction...
By the way, you are also still dealing with another infection though, which is responsible for popups all the time.

This entry in your Ewido log reveals it:
C:\Program Files\Distpage\Cache\00006d69_43fe04f7_000a037a -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup

This is the Apropos rootkit.

So perform the next steps as well:

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

I can't stress enough how important it is that this is performed in Safe Mode, because this infection is only visible in Safe Mode.

Once in Safe Mode, please double-click aproposfix.exe.
This will create a new folder on your desktop called aproposfix.
Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder and the log from smitrem (C:\smitfiles.txt)

#6 neotheinner

  • Topic Starter

  • Members

Posted 05 March 2006 - 12:23 PM

Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\Chad\Desktop\aproposfix

************



Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CtTe9AHrYR59]
@="7NJP3SWbccbccdcx3p68sbccbrec7x.s:73cTZTUFNihcESJWFSTcUPTZEDBNdTZT"
"Device"="\\\\.\\ISAVXD"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\tosydcam.sys"
"DriverName"="WmioSrv"
"HideUninstallerName"="C:\\Program Files\\Distpage\\uspdap32.exe"
"HDll"="C:\\WINDOWS\\system32\\tapnwcfg.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="WB.OLD"
"InstallationId"="{H4b1ebe4-9158-7a55-3e20-f0d0d8ab9dba}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Distpage\\bitquota.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\wininben.exe"
"Version"="2.0.131"
"CrMnTmt"=dword:0036ee80
--
[HKEY_LOCAL_MACHINE\Software\CtTe9AHrYR59]
@="7NJP3SWbccbccdcx3p68sbccbrec7x.s:73cTZTUFNihcESJWFSTcUPTZEDBNdTZT"
"Device"="\\\\.\\ISAVXD"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\tosydcam.sys"
"DriverName"="WmioSrv"
"HideUninstallerName"="C:\\Program Files\\Distpage\\uspdap32.exe"
"HDll"="C:\\WINDOWS\\system32\\tapnwcfg.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="WB.OLD"
"InstallationId"="{H4b1ebe4-9158-7a55-3e20-f0d0d8ab9dba}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Distpage\\bitquota.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\wininben.exe"
"Version"="2.0.131"
"CrMnTmt"=dword:0036ee80

************

Removing hidden service:
Service WmioSrv removed.

Removing hidden folder:



didn't run smitrem again but here's the log....


smitRem log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sun 03/05/2006
The current time is: 1:27:01.46

Running from
C:\Documents and Settings\Chad\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

1024 dir
msvol.tlb
ld****.tmp
ncompat.tlb
hp***.tmp


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 784 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :thumbsup:





Logfile of HijackThis v1.99.1
Scan saved at 9:22:24 AM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Chad\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Spgfal] C:\Program Files\Vaehgi\Zqkm.exe
O4 - HKLM\..\Run: [# {"h'9Ӝ3r WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kqvpl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 05 March 2006 - 12:34 PM

Hi,

I have a question: when you used HijackThis, did you click on Fix Checked below? Because I still see those entries present in your log. You also didn't extract HijackThis to a permanent folder as I asked you.

Please perform the following again:

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [Spgfal] C:\Program Files\Vaehgi\Zqkm.exe
O4 - HKLM\..\Run: [# {"h'9Ӝ3r WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kqvpl.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!


Post a new HijackThis log afterwards.
When you click Fix Checked in HijackThis after checking the above entries, is there a program in the background giving an alert? Because I see Spyware Doctor present there, which can prevent the HijackThis fixes. So if any program gives an alert, you have to allow it instead of blocking it.
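The check made in the reply above, whether entries selected for Fix Checked still appear in the follow-up log, can be scripted. This is an added example, not part of the original thread or of HijackThis; the function names are hypothetical, the fix list and first log excerpt are copied from the posts above, and the second log is constructed.

```python
import re

# HijackThis 1.99.x entry layout: section code, " - ", then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Entries the helper asked to have fixed (copied from the post above).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [Spgfal] C:\Program Files\Vaehgi\Zqkm.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
"""

# Excerpt of the follow-up log posted in this thread (9:22:24 AM scan).
FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Spgfal] C:\Program Files\Vaehgi\Zqkm.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
"""

# Constructed sample: a log in which only one flagged entry survived.
CONSTRUCTED_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SurfSideKick 3] c:\program files\surfsidekick 3\ssk.exe
"""

def parse_entries(log_text):
    """Map a normalised (code, body) key to the entry text as written."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace and ignore case: Windows paths and
            # registry names are case-insensitive, and forums re-wrap text.
            body = " ".join(m["body"].split())
            entries[(m["code"], body.casefold())] = f'{m["code"]} - {body}'
    return entries

def still_present(fix_list, followup_log):
    """Entries that were selected for fixing but appear in the later log."""
    wanted = parse_entries(fix_list)
    seen = parse_entries(followup_log)
    return [wanted[key] for key in sorted(wanted) if key in seen]

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", entry)
```
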

#8 miekiemoes


Posted 12 March 2006 - 04:05 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



