Help With Adware Deletion


  • This topic is locked
7 replies to this topic

#1 orpheusofpatrix2

orpheusofpatrix2

  • Members
  • 13 posts

Posted 19 June 2006 - 07:12 PM

Here are my HijackThis logs. It would be great if you could help me figure out what it is I need to delete and how, thanks!

Logfile of HijackThis v1.99.1
Scan saved at 5:02:14 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wmiapsrv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\1144977085\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Plaxo\2.6.2.13\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\syvty.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ducxjrs.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144977085\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.13\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\h44m0eh1eh4.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINDOWS\wmiapsrv.exe



#2 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 20 June 2006 - 07:55 AM

Hello there,

It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above.
It is important that you complete the following instructions in the correct order, and also that you don't miss anything out!

Click on Start > Run and type the following commands, then press Enter:

- sc delete cmdService (enter)

- sc delete "Network Monitor" (enter)

Click on Start, then Control Panel, and then double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following, if they exist, by double-clicking on the following entries:

Network Monitor
Command Service
Ipwins


Download Brute Force Uninstaller to your C:\
  • Unzip it to a folder of its own (C:\BFU). So BFU should be on your root. In most cases this is C:\
  • Download qoofix.bat (right-click on this link and choose Save As)
  • Place qoofix.bat in your C:\BFU folder. (Important!)
  • Double-click qoofix.bat. Close all browsers and Explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
* Please download Ewido anti-malware; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

Reboot into SAFE MODE
By pressing the F8 key right when Windows starts, usually right after you hear your computer beep when you reboot it (some versions of Windows will display 'Starting Windows' with a grey progress bar), you will be brought to a menu where you can choose to boot into safe mode.

*Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\syvty.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ducxjrs.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.0.cab
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\h44m0eh1eh4.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)


* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\Program Files\ipwins <--folder
C:\WINDOWS\system32\dmonwv.dll

* Open Ewido anti-malware
Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

* Please reboot back to normal mode and post a new HijackThis log and the ewido log.
David

Edited by D-Trojanator, 20 June 2006 - 07:56 AM.
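
A triage sketch for the kind of log posted in this thread, added here as an illustration and not part of the original posts or of HijackThis itself: it parses HijackThis entry lines and flags F2 Winlogon values that start more than the Windows default, entries whose target file is missing, Winlogon Notify DLLs, and services with an unknown owner. The rules and the names `triage`, `Finding` and `SAMPLE_LOG` are assumptions of this example and do not reproduce the helper's own selection; the sample lines are copied from the log in post #1.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample input: a few entry lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\syvty.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ducxjrs.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\h44m0eh1eh4.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
"""

# "<section code> - <entry type>: <detail>", e.g. "O23 - Service: ...".
# Process paths and header lines of the log do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+?): (.*)$")
# HijackThis appends one of these markers when the target is not on disk.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Windows XP defaults for the two Winlogon values reported as F2 entries.
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "F2"
    level: str   # "high", "orphan" or "review" (labels chosen for this example)
    reason: str
    line: str    # the original log line


def parse_entries(text):
    """Yield (code, kind, detail, line) for every entry line in a log."""
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            yield match.group(1), match.group(2), match.group(3), line


def extra_winlogon_programs(detail):
    """Return programs in an F2 Shell=/UserInit= value beyond the default.

    Simplification: only the file name is compared, so a look-alike binary
    with the default name in another directory would not be caught here.
    """
    key, _, value = detail.partition("=")
    expected = WINLOGON_DEFAULTS.get(key.strip().lower())
    if expected is None:
        return key.strip(), []
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return key.strip(), [p for p in parts if ntpath.basename(p).lower() != expected]


def triage(text):
    """Apply the example's rules; the first matching rule wins per line."""
    findings = []
    for code, _kind, detail, line in parse_entries(text):
        if code == "F2" and "=" in detail:
            key, extras = extra_winlogon_programs(detail)
            if extras:
                reason = f"{key} starts extra program(s) at logon: {', '.join(extras)}"
                findings.append(Finding(code, "high", reason, line))
                continue
        if MISSING_RE.search(detail):
            findings.append(Finding(code, "orphan",
                                    "registered target is not on disk", line))
        elif code == "O20":
            findings.append(Finding(code, "review",
                                    "DLL loaded into winlogon.exe via Notify", line))
        elif code == "O23" and " - Unknown owner - " in detail:
            findings.append(Finding(code, "review",
                                    "service binary has no vendor name", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:6}] {f.code:3} {f.reason}\n         {f.line}")
```

A "review" result is only a prompt to look the file up; `lxcg_device` is flagged by the unknown-owner rule here but is not on the helper's fix list.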


#3 orpheusofpatrix2

orpheusofpatrix2
  • Topic Starter

  • Members
  • 13 posts

Posted 21 June 2006 - 12:55 PM

Thanks! Very detailed and specific instructions were very helpful for me, and I think things are better, but here are the logs.

Ewido

---------------------------------------------------------
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:38:40 AM 6/21/2006

+ Scan result:



C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2XWVUHK5\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDUNKXUJ\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\bw2.com -> Adware.AdURL : Cleaned with backup (quarantined).
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr2134 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr97C2 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\temp.frA18D -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dn2m01f1e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\en4ul1h91.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\enj6l11s1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\enr4l19q1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\f00olad31d0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fn4021hmg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fpn0035me.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\g4jo0e13eh.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hrj4051qe.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hrj8051ue.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ir04l5dq1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\j4l40e3qeh.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\l4r00e9meh.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\l62slgf7162.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lv0q09d5e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lv0s09d7e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lv4209hoe.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lvno0953e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lvp0097me.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\m0rmla911d.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\m2ls0c37ef.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\m6nqlg5516.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\o2840clqefqe0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\o4ro0e93eh.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\q0nu0a59ed.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\X1KIGEUG\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nyypmyad.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\iD9.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\u23A.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9U2A4S2Q\drsmartload45a[1].exe -> Downloader.Adload.bq : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\X1KIGEUG\drsmartload44a[1].exe -> Downloader.Adload.bq : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XKTYQQU4\drsmartload46a[1].exe -> Downloader.Adload.bq : Cleaned with backup (quarantined).
C:\WINDOWS\drsmartload45a.exe -> Downloader.Adload.bq : Cleaned with backup (quarantined).
C:\WINDOWS\drsmartload46a.exe -> Downloader.Adload.bq : Cleaned with backup (quarantined).
C:\drsmartload45a.exe -> Downloader.Adload.bq : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0T5Q5D4B\drsmartload[1].exe -> Downloader.Adload.br : Cleaned with backup (quarantined).
C:\drsmartload1.exe -> Downloader.Adload.br : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0T5Q5D4B\!update-3820[1].0000 -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
C:\Program Files\Аdobe\arpa.exe -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XKTYQQU4\installerwnus[1].exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XKTYQQU4\104[1].avi -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\X1KIGEUG\103[1].avi -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\WINDOWS\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
:mozilla.418:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.419:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.10:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\rmskypax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\rmskypax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.481:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.482:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.483:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.484:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.485:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.486:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.487:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.488:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.489:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.490:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.491:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.492:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.493:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.494:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.495:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.496:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.499:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.500:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.504:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.505:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.506:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.507:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.508:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.509:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.510:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.511:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.512:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.513:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.514:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.515:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.516:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.355:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.356:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.357:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.358:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.359:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.360:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.361:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.362:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.363:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.382:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox

Edited by orpheusofpatrix2, 21 June 2006 - 12:59 PM.


#4 orpheusofpatrix2


Posted 21 June 2006 - 01:01 PM

Cont..

:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.319:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.320:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.321:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.322:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.323:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.324:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.325:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mor5020f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 10:50:41 AM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\AOL\1144977085\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
c:\program files\common files\aol\1144977085\ee\aim6.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Plaxo\2.6.2.13\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144977085\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [chihyk] C:\WINDOWS\system32\cpepym.exe reg_run
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.13\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [xepia] C:\WINDOWS\system32\cpepym.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINDOWS\wmiapsrv.exe (file missing)

#5 -David-


Posted 21 June 2006 - 01:24 PM

Hey there,

Things are looking better but one infection is being stubborn, so we need to run a few more scans to uncover the bad files:

Download FindQool.zip and save it to your C:\.
http://downloads.subratam.org/Lon/FindQool.zip

Extract (unzip) the files inside into their own folder called FindQool.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html

This folder should be present on your C:\
In case it's not present there, move the FindQool folder to C:\ otherwise it won't work.
Then open the FindQool folder.
Locate and double-click the Qlocate.bat file to run it.

This will scan your system.
Wait until a text file opens.
Post this in your next reply.

Please download and save Blacklight to your C:\. Important!!
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Then go to Start > Run and copy and paste the next command in the field:

C:\blbeta.exe /expert

This should open Blacklight.
Click > Scan, then > Next.
You'll see a list of all items found.
Don't choose to rename yet! I want to see the log first, because legit items can also be present there...
There must also be a log on your C:\ with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
Please post that in your next reply also.

* Download Combofix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log, the FindQool log and the Blacklight log.

David

#6 orpheusofpatrix2


Posted 21 June 2006 - 03:04 PM

Thanks

The Blacklight didn't work because it "could not acquire necessary privileges (SeDebugPrivilege) - Your computer setting may prevent acquiring these privileges. - A malicious program might have disabled these privileges..."

But here are the other two logs:

Wed 06/21/2006
Running from: C:\FindQool
PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE.

Known file names

MD5 Check....

Files found with locate com.
Re-check using dir /a:-d
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
...

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerISO]
@="{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"


...
Runs, Listed here as a Doublecheck for the locate com results
HKLM
HKCU
...

Files In Winlogon shell and userinit
Listed here as a Doublecheck for the locate com results
shell REG_SZ explorer.exe
userinit REG_SZ c:\windows\system32\userinit.exe,
...
SWReg utility
Written by Bobbi Flekman 2005
Findqool edited 17/05/2006

Start Time= Wed 06/21/2006 12:39:06.78
Running from: C:\DOCUME~1\OWNER\DESKTOP\COMBOFIX.EXE

(((((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))

12:43:21.95

* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-03-23 12:13:40 77,824 "C:\WINDOWS\system32\hkcmd.exe"
2006-03-23 12:13:46 86,016 "C:\WINDOWS\system32\igfxdo.dll"
2006-03-23 13:32:42 3,053,568 "C:\WINDOWS\system32\mshtml.dll"
2006-04-21 22:15:42 339,968 "C:\WINDOWS\system32\pxwave.dll"
2006-03-23 12:16:24 450,560 "C:\WINDOWS\system32\igfxcfg.exe"
2006-03-23 12:17:42 94,208 "C:\WINDOWS\system32\igfxext.exe"
2006-04-10 13:00:28 186,672 "C:\WINDOWS\system32\WgaTray.exe"
2006-05-22 15:41:36 2 "C:\WINDOWS\system32\wnscptr.exe"
2006-05-15 18:24:34 466,944 "C:\WINDOWS\system32\capicom.dll"
2006-03-23 12:45:54 956,026 "C:\WINDOWS\system32\ialmdd5.dll"
2006-03-23 12:38:46 49,152 "C:\WINDOWS\system32\ialmrem.dll"
2006-03-23 12:12:42 139,264 "C:\WINDOWS\system32\igfxdev.dll"
2006-03-23 12:16:46 143,360 "C:\WINDOWS\system32\igfxpph.dll"
2006-03-23 12:12:48 139,264 "C:\WINDOWS\system32\igfxres.dll"
2006-03-30 02:16:04 1,492,480 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-22 15:41:48 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-04-21 22:15:42 28,672 "C:\WINDOWS\system32\vxblock.dll"
2006-04-13 19:33:08 278,528 "C:\WINDOWS\system32\pncrt.dll"
2006-04-21 22:15:42 417,792 "C:\WINDOWS\system32\pxdrv.dll"
2006-04-21 22:15:42 172,032 "C:\WINDOWS\system32\pxmas.dll"
2006-06-12 20:21:02 505 "C:\WINDOWS\bllwp.dll"
2006-04-13 20:01:34 2,934 "C:\WINDOWS\mozver.dat"
2006-05-22 15:41:54 53 "C:\WINDOWS\nwewbc.dat"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


05/22/2006 03:41 PM 53 nwewbc.dat.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-03-23 12:16:24 450,560 "C:\WINDOWS\system32\igfxcfg.exe"
2006-03-23 12:17:42 94,208 "C:\WINDOWS\system32\igfxext.exe"
2006-04-10 13:00:28 186,672 "C:\WINDOWS\system32\WgaTray.exe"
2006-05-22 15:41:36 2 "C:\WINDOWS\system32\wnscptr.exe"
2006-03-23 12:13:40 77,824 "C:\WINDOWS\system32\hkcmd.exe"
2006-05-15 18:24:34 466,944 "C:\WINDOWS\system32\capicom.dll"
2006-03-23 12:45:54 956,026 "C:\WINDOWS\system32\ialmdd5.dll"
2006-03-23 12:38:46 49,152 "C:\WINDOWS\system32\ialmrem.dll"
2006-03-23 12:12:42 139,264 "C:\WINDOWS\system32\igfxdev.dll"
2006-03-23 12:16:46 143,360 "C:\WINDOWS\system32\igfxpph.dll"
2006-03-23 12:12:48 139,264 "C:\WINDOWS\system32\igfxres.dll"
2006-03-30 02:16:04 1,492,480 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-22 15:41:48 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-04-21 22:15:42 28,672 "C:\WINDOWS\system32\vxblock.dll"
2006-03-23 12:13:46 86,016 "C:\WINDOWS\system32\igfxdo.dll"
2006-03-23 13:32:42 3,053,568 "C:\WINDOWS\system32\mshtml.dll"
2006-04-21 22:15:42 339,968 "C:\WINDOWS\system32\pxwave.dll"
2006-04-13 19:33:08 278,528 "C:\WINDOWS\system32\pncrt.dll"
2006-04-21 22:15:42 417,792 "C:\WINDOWS\system32\pxdrv.dll"
2006-04-21 22:15:42 172,032 "C:\WINDOWS\system32\pxmas.dll"
2006-06-12 20:21:02 505 "C:\WINDOWS\bllwp.dll"
2006-04-13 20:01:34 2,934 "C:\WINDOWS\mozver.dat"


((((((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Ssk.log


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



12:48:22.57
((((((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\newname.dat
C:\WINDOWS\keyboard221.dat
C:\WINDOWS\uninstall_nmon.vbs
C:\Program Files\network monitor
C:\Documents and Settings\LocalService\Application Data\NetMon


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-06-21 12:35:20 818744 ( A.... ) "C:\blbeta.exe"
2006-06-20 22:49:58 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-06-12 20:21:02 505 ( A.... ) "C:\WINDOWS\bllwp.dll"
2006-06-11 13:48:56 ( .D... ) "C:\Program Files\TClock"
2006-06-11 13:48:54 ( .D... ) "C:\Program Files\InetGet2"
2006-06-11 13:44:54 ( .D... ) "C:\Program Files\ToolBar888"
2006-06-11 13:44:48 ( .D... ) "C:\Program Files\Windows"
2006-06-11 13:44:48 ( .D... ) "C:\Program Files\Common Files\InetGet"
2006-05-30 23:18:22 105902 ( A.... ) "C:\WINDOWS\manager.exe"
2006-05-30 23:13:14 29251 ( A.... ) "C:\WINDOWS\mc-110-12-0000487.exe"
2006-05-23 16:07:00 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Lavasoft"
2006-05-23 16:06:54 ( .D... ) "C:\Program Files\Lavasoft"
2006-05-22 15:41:48 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-05-22 15:41:36 2 ( A.... ) "C:\WINDOWS\system32\wnscptr.exe"
2006-05-22 15:41:30 ( .D... ) "C:\Program Files\Common Files\zzuq"
2006-05-22 15:41:08 ( .D... ) "C:\Program Files\?dobe"
2006-05-22 15:36:52 ( .D... ) "C:\Program Files\MSXML 4.0"
2006-05-20 01:37:38 ( .D... ) "C:\Program Files\Steam"
2006-05-15 18:24:34 466944 ( A.... ) "C:\WINDOWS\system32\capicom.dll"
2006-05-05 15:44:24 ( .D... ) "C:\Documents and Settings\Owner\Application Data\AOL"
2006-05-03 21:26:22 5818784 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-05-02 19:28:52 ( .D... ) "C:\Program Files\Audacity"
2006-04-29 00:13:10 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Google"
2006-04-26 00:00:40 ( .D... ) "C:\Program Files\Macromedia"
2006-04-26 00:00:40 ( .D... ) "C:\Program Files\Common Files\Macromedia"
2006-04-25 15:44:00 ( .D... ) "C:\Program Files\Plaxo"
2006-04-24 21:46:08 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Autodesk"
2006-04-24 17:32:22 ( .D... ) "C:\Documents and Settings\Owner\Application Data\AdobeUM"
2006-04-24 16:59:02 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Syntrillium"
2006-04-24 16:57:24 ( .D... ) "C:\Program Files\coolpro2"
2006-04-24 00:31:24 ( .D... ) "C:\Program Files\WinZip"
2006-04-23 20:32:20 717 ( A.... ) "C:\Program Files\INSTALL.LOG"
2006-04-22 17:17:40 53248 ( ..... ) "C:\WINDOWS\system32\pxhpinst.exe"
2006-04-22 14:41:14 ( .D... ) "C:\Program Files\PowerISO"
2006-04-21 22:30:00 ( .D... ) "C:\Program Files\DIFX"
2006-04-21 22:15:42 417792 ( ..... ) "C:\WINDOWS\system32\pxdrv.dll"
2006-04-21 22:15:42 339968 ( ..... ) "C:\WINDOWS\system32\pxwave.dll"
2006-04-21 22:15:42 172032 ( ..... ) "C:\WINDOWS\system32\pxmas.dll"
2006-04-21 22:15:42 28672 ( ..... ) "C:\WINDOWS\system32\vxblock.dll"
2006-04-21 22:15:40 372736 ( ..... ) "C:\WINDOWS\system32\px.dll"
2006-04-21 00:58:40 73728 ( A.... ) "C:\WINDOWS\ALCFDRTM.EXE"
2006-04-13 20:49:42 95 ( A.... ) "C:\AUTOEXEC.BAT"
2006-04-13 19:33:58 176167 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
2006-04-13 19:33:18 6656 ( A.... ) "C:\WINDOWS\system32\pndx5016.dll"
2006-04-13 19:33:18 5632 ( A.... ) "C:\WINDOWS\system32\pndx5032.dll"
2006-04-13 19:33:08 278528 ( A.... ) "C:\WINDOWS\system32\pncrt.dll"
2006-04-10 13:00:34 555824 ( ..... ) "C:\WINDOWS\system32\LegitCheckControl.dll"
2006-04-10 13:00:30 144688 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-04-10 13:00:28 186672 ( ..... ) "C:\WINDOWS\system32\WgaTray.exe"
2006-03-30 02:16:04 1492480 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2006-03-29 18:00:14 16384 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2006-03-23 13:32:42 3053568 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2006-03-23 12:45:54 956026 ( A.... ) "C:\WINDOWS\system32\ialmdd5.dll"
2006-03-23 12:38:50 45694 ( A.... ) "C:\WINDOWS\system32\ialmrnt5.dll"
2006-03-23 12:38:46 49152 ( A.... ) "C:\WINDOWS\system32\ialmrem.dll"
2006-03-23 12:38:44 61440 ( A.... ) "C:\WINDOWS\system32\iAlmCoIn_v4543.dll"
2006-03-23 12:38:42 121467 ( A.... ) "C:\WINDOWS\system32\ialmdnt5.dll"
2006-03-23 12:38:30 238650 ( A.... ) "C:\WINDOWS\system32\ialmdev5.dll"
2006-03-23 12:31:34 524288 ( A.... ) "C:\WINDOWS\system32\igldev32.dll"
2006-03-23 12:29:56 2318336 ( A.... ) "C:\WINDOWS\system32\iglicd32.dll"
2006-03-23 12:24:12 40960 ( A.... ) "C:\WINDOWS\system32\ialmuTRK.dll"
2006-03-23 12:24:12 40960 ( A.... ) "C:\WINDOWS\system32\ialmuTHA.dll"
2006-03-23 12:24:12 40960 ( A.... ) "C:\WINDOWS\system32\ialmuSVE.dll"
2006-03-23 12:24:12 40960 ( A.... ) "C:\WINDOWS\system32\ialmuRUS.dll"
2006-03-23 12:24:12 40960 ( A.... ) "C:\WINDOWS\system32\ialmuHUN.dll"
2006-03-23 12:24:12 40960 ( A.... ) "C:\WINDOWS\system32\ialmuELL.dll"
2006-03-23 12:24:12 40960 ( A.... ) "C:\WINDOWS\system32\ialmuCSY.dll"
2006-03-23 12:24:10 40960 ( A.... ) "C:\WINDOWS\system32\ialmuPTG.dll"
2006-03-23 12:24:10 40960 ( A.... ) "C:\WINDOWS\system32\ialmuPTB.dll"
2006-03-23 12:24:10 40960 ( A.... ) "C:\WINDOWS\system32\ialmuPLK.dll"
2006-03-23 12:24:10 40960 ( A.... ) "C:\WINDOWS\system32\ialmuNOR.dll"
2006-03-23 12:24:10 40960 ( A.... ) "C:\WINDOWS\system32\ialmuNLD.dll"
2006-03-23 12:24:10 40960 ( A.... ) "C:\WINDOWS\system32\ialmuKOR.dll"
2006-03-23 12:24:10 40960 ( A.... ) "C:\WINDOWS\system32\ialmuJPN.dll"
2006-03-23 12:24:08 40960 ( A.... ) "C:\WINDOWS\system32\ialmuITA.dll"
2006-03-23 12:24:08 40960 ( A.... ) "C:\WINDOWS\system32\ialmuHEB.dll"
2006-03-23 12:24:08 40960 ( A.... ) "C:\WINDOWS\system32\ialmuFRC.dll"
2006-03-23 12:24:08 40960 ( A.... ) "C:\WINDOWS\system32\ialmuFRA.dll"
2006-03-23 12:24:08 40960 ( A.... ) "C:\WINDOWS\system32\ialmuFIN.dll"
2006-03-23 12:24:08 40960 ( A.... ) "C:\WINDOWS\system32\ialmuESP.dll"
2006-03-23 12:24:06 40960 ( A.... ) "C:\WINDOWS\system32\ialmuENG.dll"
2006-03-23 12:24:06 40960 ( A.... ) "C:\WINDOWS\system32\ialmuDEU.dll"
2006-03-23 12:24:06 40960 ( A.... ) "C:\WINDOWS\system32\ialmuDAN.dll"
2006-03-23 12:24:06 40960 ( A.... ) "C:\WINDOWS\system32\ialmuCHT.dll"
2006-03-23 12:24:06 40960 ( A.... ) "C:\WINDOWS\system32\ialmuCHS.dll"
2006-03-23 12:24:06 40960 ( A.... ) "C:\WINDOWS\system32\ialmuARB.dll"
2006-03-23 12:24:06 40960 ( A.... ) "C:\WINDOWS\system32\ialmuARA.dll"
2006-03-23 12:24:04 114688 ( A.... ) "C:\WINDOWS\system32\ialmudlg.exe"
2006-03-23 12:17:50 118784 ( A.... ) "C:\WINDOWS\system32\igfxpers.exe"
2006-03-23 12:17:44 40960 ( A.... ) "C:\WINDOWS\system32\igfxexps.dll"
2006-03-23 12:17:42 94208 ( A.... ) "C:\WINDOWS\system32\igfxext.exe"
2006-03-23 12:17:36 114688 ( A.... ) "C:\WINDOWS\system32\igfxzoom.exe"
2006-03-23 12:17:04 94208 ( A.... ) "C:\WINDOWS\system32\igfxtray.exe"
2006-03-23 12:16:50 1503232 ( A.... ) "C:\WINDOWS\system32\igfxress.dll"
2006-03-23 12:16:46 143360 ( A.... ) "C:\WINDOWS\system32\igfxpph.dll"
2006-03-23 12:16:24 450560 ( A.... ) "C:\WINDOWS\system32\igfxcfg.exe"
2006-03-23 12:13:46 86016 ( A.... ) "C:\WINDOWS\system32\igfxdo.dll"
2006-03-23 12:13:40 77824 ( A.... ) "C:\WINDOWS\system32\hkcmd.exe"
2006-03-23 12:13:32 61440 ( A.... ) "C:\WINDOWS\system32\igfxsrvc.dll"
2006-03-23 12:13:30 163840 ( A.... ) "C:\WINDOWS\system32\igfxsrvc.exe"
2006-03-23 12:12:48 139264 ( A.... ) "C:\WINDOWS\system32\igfxres.dll"
2006-03-23 12:12:42 139264 ( A.... ) "C:\WINDOWS\system32\igfxdev.dll"
2006-03-23 12:12:26 73728 ( A.... ) "C:\WINDOWS\system32\hccutils.dll"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
@=""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"CHotkey"="zHotkey.exe"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
55,41,52,44,2e,45,58,45,00
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
69,6e,64,5f,58,50,2e,65,78,65,00
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1144977085\\ee\\AOLSoftware.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"Mixersel"="C:\\Program Files\\Realtek\\InstallShield\\mixersel.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"_AntiSpyware"="C:\\Program Files\\McAfee\\McAfee AntiSpyware\\MssCli.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\\\PSDrvCheck.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.6.2.13\\PlaxoHelper.exe -a"
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0\\AOL.EXE\" -b"
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,c2,01,00,00,00,00,00,00,3e,03,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"Ealb"="\"C:\\PROGRA~1\\DOBE~1\\arpa.exe\" -vt yazr"
"Hvtgykyb"="C:\\WINDOWS\\system32\\?dobe\\?ti2evxx.exe"
"zzuq"="C:\\PROGRA~1\\COMMON~1\\zzuq\\zzuqm.exe"
"xepia"="C:\\WINDOWS\\system32\\cpepym.exe reg_run"
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"WinUpdate.exe"="C:\\Program Files\\Windows\\WinUpdate.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"Ealb"="\"C:\\PROGRA~1\\DOBE~1\\arpa.exe\" -vt yazr"
"Hvtgykyb"="C:\\WINDOWS\\system32\\?dobe\\?ti2evxx.exe"
"zzuq"="C:\\PROGRA~1\\COMMON~1\\zzuq\\zzuqm.exe"
"xepia"="C:\\WINDOWS\\system32\\cpepym.exe reg_run"
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"WinUpdate.exe"="C:\\Program Files\\Windows\\WinUpdate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"="McAfee AntiSpyware Shell Extension"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee AntiSpyware.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Wed 06/21/2006 12:48:28.79
ComboFix ver 06.06.19 - This logfile is located at C:\ComboFix.txt

Logfile of HijackThis v1.99.1
Scan saved at 1:02:52 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\AOL\1144977085\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Plaxo\2.6.2.13\PlaxoHelper.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1144977085\ee\aim6.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144977085\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.13\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINDOWS\wmiapsrv.exe (file missing)

#7 -David-

Posted 21 June 2006 - 03:10 PM

Let's repair the SeDebugPrivilege next.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HijackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
If you receive a message from your firewall about this program accessing the internet, please allow it.

Please post back with the BlackLight log, which should work now.
David

#8 -David-

Posted 01 July 2006 - 01:22 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.



