
Virus/Malware? Log of HijackThis

Discussion in 'Windows - Virus and spyware problems' started by PatHL, Apr 4, 2006.

  1. PatHL

    Hi --

    When browsing the web, I forgot for some time to switch ZoneAlarm on, and as a result, I think my computer got infected with something. I ran Spybot and cleaned some spyware, but a pesky "red icon" your computer is infected remains at the bottom right corner in the icon-tray. Does anyone have more insights? Find below my log-file from HJT.

    Much obliged,

    -- PatHL




    Logfile of HijackThis v1.99.1
    Scan saved at 6:02:12 PM, on 4/4/06
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\MsgSys.EXE
    C:\WINNT\system32\mobsync.exe
    C:\WINNT\System32\PRPCUI.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Daily Weather Forecast\weather.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\NavNT\vptray.exe
    C:\WINNT\System32\rundll32.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINNT\System32\usbtcpip.exe
    C:\winstall.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\Program Files\stickies\stickies.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Gigabyte\Gigabyte GN-WMAG 802.11g WLan (ATS)\G-EzLink.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
    O2 - BHO: CM BHO - {6379A99A-9102-446C-A837-0623E1810D75} - C:\Program Files\Crystalys media\cm.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [CMLoader] rundll32.exe "c:\program files\crystalys media\cm.dll",MakeInjection
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKCU\..\Run: [Zwq7RhJ8T] usbtcpip.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\2\E_SRCV03.EXE
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: GN-WMAG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WMAG 802.11g WLan (ATS)\G-EzLink.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - C:\PROGRA~1\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\PROGRA~1\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_05) -
    O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O20 - AppInit_DLLs: NVDESK32.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
     
  2. -kemisti-

    Hi PatHL

    You have a smitfraud infection

    Download smitrem to the desktop (http://noahdfear.geekstogo.com/click%20counter/click.php?id=1)
    Double-click it and then Start -> you'll get a smitrem folder on your desktop.

    Get Ewido
    http://www.ewido.net/en/download/
    install and update it. Don't run it yet!

    Boot into Safe Mode (press F8 while booting)

    Open HijackThis, click "Do a system scan only" and checkmark these:

    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
    O2 - BHO: CM BHO - {6379A99A-9102-446C-A837-0623E1810D75} - C:\Program Files\Crystalys media\cm.dll
    O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
    O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
    O4 - HKLM\..\Run: [CMLoader] rundll32.exe "c:\program files\crystalys media\cm.dll",MakeInjection
    O4 - HKCU\..\Run: [Zwq7RhJ8T] usbtcpip.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_05) -
    O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -


    Close all other windows and click "Fix checked".

    Then open the smitrem folder and double-click RunThis.bat. Follow the instructions.

    After this do a full scan with Ewido and save log.

    Delete if still found:

    C:\WINNT\nem220.dll
    C:\Program Files\Crystalys media
    C:\Program Files\Daily Weather Forecast
    C:\winstall.exe
    C:\WINNT\web\related.htm

    Boot back into normal mode. Send Ewido's log, a new HijackThis log and the contents of the C:\smitfiles.txt file.
     
    Last edited: Apr 4, 2006
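
The reply above ends by asking for a new HijackThis log. As an added example (not part of the thread, and not code from HijackThis or smitRem), this script checks such a follow-up log against the reply's fix list and delete list. The follow-up log and all function names are constructed for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Entries copied from the reply above (a subset of its fix list).
FIX_LIST = r"""
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [Zwq7RhJ8T] usbtcpip.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
"""

# The "Delete if still found" paths from the reply above.
DELETE_PATHS = [
    r"C:\WINNT\nem220.dll",
    r"C:\Program Files\Crystalys media",
    r"C:\Program Files\Daily Weather Forecast",
    r"C:\winstall.exe",
    r"C:\WINNT\web\related.htm",
]

# CONSTRUCTED follow-up log (not from the thread): one fixed entry is back with
# different case and spacing, its process is running, and a Run value under a
# new name points into a folder that was supposed to be deleted.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
C:\winstall.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [windows installer]  C:\WINSTALL.EXE
O4 - HKCU\..\Run: [Updater] "C:\Program Files\Daily Weather Forecast\weather.exe"
"""


def normalize(detail):
    """Windows paths and registry names are case-insensitive; collapse spacing too."""
    return " ".join(detail.split()).lower()


def parse_entries(log_text):
    """Map (section, normalized detail) -> original line for every entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[(m.group(1), normalize(m.group(2)))] = line.strip()
    return entries


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    procs, in_block = [], False
    for line in log_text.splitlines():
        s = line.strip()
        if s.lower().startswith("running processes"):
            in_block = True
        elif in_block:
            if not s:
                break
            procs.append(s)
    return procs


def verify_cleanup(fix_list, delete_paths, after_log):
    """Compare a follow-up log with the fix list and the delete list.

    remaining   - fix-list entries still present in the follow-up log
    processes   - running processes located at or under a delete-list path
    referencing - other entries that still mention a delete-list path
    Limitation: 8.3 short names such as C:\\PROGRA~1 are not expanded.
    """
    wanted = parse_entries(fix_list)
    after = parse_entries(after_log)
    paths = [p.lower() for p in delete_paths]
    remaining = sorted(after[k] for k in wanted if k in after)
    processes = [p for p in running_processes(after_log)
                 if any(p.lower().startswith(x) for x in paths)]
    referencing = sorted(line for k, line in after.items()
                         if k not in wanted and any(x in k[1] for x in paths))
    return {"remaining": remaining, "processes": processes,
            "referencing": referencing}


if __name__ == "__main__":
    for kind, lines in verify_cleanup(FIX_LIST, DELETE_PATHS, AFTER_LOG).items():
        print(kind)
        for line in lines:
            print("   ", line)
```

An empty result in all three lists means the follow-up log shows none of the listed entries, processes or paths; it does not prove the files are gone from disk.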
  3. PatHL


    kemisti --

    Thanks a lot for your help analyzing the HJT log-file. Ewido got rid of a lot of stuff so I hope my computer is far cleaner than before.

    -- PatHL.



    Here are the logs you requested:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 6:14:53 AM, 4/6/06
    + Report-Checksum: E12CB36F

    + Scan result:

    HKLM\SOFTWARE\AutoLoader -> Adware.Apropos : Cleaned with backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Adware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CLSID -> Adware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CurVer -> Adware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj.1 -> Adware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\ISTbar.BarObj -> Adware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ISTbar.BarObj\CLSID -> Adware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Adware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Adware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Adware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Adware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Adware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag -> Adware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CLSID -> Adware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CurVer -> Adware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag.1 -> Adware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\ISTbar -> Adware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\ISTbar\Historyfiles -> Adware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\ISTbar\Historystring -> Adware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Media Access -> Adware.WinAD : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar -> Adware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access -> Adware.WinAD : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1614895754-484763869-854245398-1001\Software\IST -> Adware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1614895754-484763869-854245398-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\GAIN -> Adware.Gator : Cleaned with backup
    HKU\S-1-5-21-1614895754-484763869-854245398-1001\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1614895754-484763869-854245398-1001\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1614895754-484763869-854245398-1001\Software\Classes\CLSID\CLSID\{6379A99A-9102-446C-A837-0623E1810D75} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-21-1614895754-484763869-854245398-1001_Classes\CLSID\CLSID\{6379A99A-9102-446C-A837-0623E1810D75} -> Adware.Generic : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.160:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.169:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.170:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.171:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.172:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.173:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.178:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.179:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.180:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.181:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.183:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.184:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.185:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.186:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.214:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.215:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.227:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.234:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.240:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.241:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.242:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.253:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.254:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.268:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.269:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.332:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.333:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.334:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.335:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.336:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.338:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.339:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.340:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.341:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.342:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.343:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.344:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.346:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.363:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.365:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    :mozilla.366:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.369:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.372:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
    :mozilla.389:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.390:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.391:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.392:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.393:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.401:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.406:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.418:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.425:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.426:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.427:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.465:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.466:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.475:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
    :mozilla.515:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.516:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.533:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.535:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.536:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.537:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.538:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.539:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.540:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.541:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.542:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.554:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.574:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
    :mozilla.575:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
    :mozilla.587:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.588:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
    :mozilla.604:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.613:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.I12 : Cleaned with backup
    :mozilla.618:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.619:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.620:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.621:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.631:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.632:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.647:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
    :mozilla.648:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.664:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
    :mozilla.665:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
    :mozilla.685:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.688:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
    :mozilla.689:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
    :mozilla.690:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.691:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned with backup
    :mozilla.696:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.697:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.706:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
    :mozilla.710:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.713:C:\Documents and Settings\cguser\Application Data\Mozilla\Firefox\Profiles\wrlvp4mj.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@c4.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@www.goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@xxxtoolbar[2].txt -> TrackingCookie.Xxxtoolbar : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
    C:\Documents and Settings\cguser\Cookies\cguser@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\cguser\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@admonitor[1].txt -> TrackingCookie.Admonitor : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@ads.enliven[2].txt -> TrackingCookie.Enliven : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@ads.link4ads[2].txt -> TrackingCookie.Link4ads : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@ads.link4ads[3].txt -> TrackingCookie.Link4ads : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@advertising[3].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@bfast[3].txt -> TrackingCookie.Bfast : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@centrport[2].txt -> TrackingCookie.Centrport : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@fastclick[4].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@focalink[1].txt -> TrackingCookie.Focalink : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@mediaplex[3].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@preferences[1].txt -> TrackingCookie.Preferences : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@rd.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@servedby.advertising[3].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@valueclick.ne[1].txt -> TrackingCookie.Ne : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@www.commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@www.qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@x10[1].txt -> TrackingCookie.X10 : Cleaned with backup
    C:\Downloads\MediaAccess.exe -> Adware.WinAD : Cleaned with backup
    C:\HJT\backups\backup-20060404-174911-186.dll -> Adware.WinAD : Cleaned with backup
    C:\HJT\backups\backup-20060405-121708-253.dll -> Downloader.Dyfuca : Cleaned with backup
    C:\HJT\backups\backup-20060405-121708-739.dll -> Downloader.IstBar : Cleaned with backup
    C:\possible_spyware.zip/winstall.e_e -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
    C:\Program Files\AutoUpdate -> Adware.Apropos : Cleaned with backup
    C:\Program Files\AutoUpdate\AutoUpdate.exe -> Adware.Apropos : Cleaned with backup
    C:\Program Files\AutoUpdate\libexpat.dll -> Adware.Apropos : Cleaned with backup
    C:\Program Files\Ljjhe\Tjatq.exe -> Trojan.Small.cy : Cleaned with backup
    C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup
    C:\Program Files\Media Access\MediaAccess.exe -> Adware.MediaAccess : Cleaned with backup
    C:\Program Files\Power Scan -> Adware.PowerScan : Cleaned with backup
    C:\Program Files\SideFind -> Adware.SideFind : Cleaned with backup
    C:\Program Files\SideFind\update -> Adware.SideFind : Cleaned with backup
    C:\WINNT\system32\checkIn.dll -> Trojan.Dialer.ks : Cleaned with backup
    C:\WINNT\system32\usbtcpip.exe -> Downloader.Apropo.t : Cleaned with backup
    C:\WINNT\wsem303.dll -> Downloader.Dyfuca.dt : Cleaned with backup


    ::Report End





    Logfile of HijackThis v1.99.1
    Scan saved at 7:06:43 AM, on 4/6/06
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\PRPCUI.exe
    C:\WINNT\System32\MsgSys.EXE
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\Gigabyte\Gigabyte GN-WMAG 802.11g WLan (ATS)\G-EzLink.exe
    C:\Program Files\stickies\stickies.exe
    C:\WINNT\System32\MsiExec.exe
    C:\HJT\HijackThis.exe

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\2\E_SRCV03.EXE
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: GN-WMAG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WMAG 802.11g WLan (ATS)\G-EzLink.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - C:\PROGRA~1\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\PROGRA~1\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O20 - AppInit_DLLs: NVDESK32.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe











     
  4. PatHL

    PatHL Member


     
    Last edited: Apr 6, 2006
  5. PatHL

    PatHL Member




     
    Last edited: Apr 6, 2006
  6. PatHL

    PatHL Member


     
    Last edited: Apr 6, 2006
  7. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Hi PatHL

    Those logs look good

    However, I still need this: contents of C:\smitfiles.txt file

    Also, please run aproposfix:

    Download aproposfix:

    http://swandog46.geekstogo.com/aproposfix.exe

    Save it on desktop. Don't run it yet

    Boot in safe mode (tap F8 while booting)

    In safe mode doubleclick aproposfix.exe and extract it on desktop
    in its own folder.

    Doubleclick runthis.bat and follow instructions

    Reboot, send log.txt from aproposfix folder and contents of C:\smitfiles.txt file.


     
  8. PatHL

    PatHL Member

    Kemisti -

    I appreciate your last note. See below the output of the smitfile and log from the aproposfix. By the way, I'd like to learn a bit more of how to interpret and understand better the output of HJT and malware related issues. Can you recommend a guide or place I could go to read up on such issues?

    -- PatHL.




    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows 2000 [Version 5.00.2195]
    The current date is: Wed 04/05/2006
    The current time is: 15:04:36.81

    Running from
    C:\Documents and Settings\cguser\Desktop\smitRem

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Pre-run SharedTask Export

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    SpywareStrike uninstaller NOT present

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~

    Crystalys Media folder


    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 184 'explorer.exe'

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Deleting files

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~

    Crystalys Media folder


    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~


    ~~~ Wininet.dll ~~~

    CLEAN! :)








    Log of AproposFix v1.1

    ************

    Running from directory:
    C:\Documents and Settings\cguser\Desktop\aproposfix

    ************



    Registry entries found:


    ************

    No service found!

    Removing hidden folder:
    No folder found!

    Deleting files:


    Backing up files:
    Done!

    Removing registry entries:

    REGEDIT4


    Done!

    Finished!
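
One way to read the two SharedTaskScheduler exports in the smitRem log above, as an added example that is not part of the thread or of smitRem: it parses the "Registry Pseudo-Format" text and reports what differs between the pre-run and post-run exports. The names `parse_sts` and `compare` and the extra "constructed" entry are made up for illustration, and the format handling is inferred only from the export lines shown in the log.

```python
import re

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))="(?P<data>.*)"$')
CLSID_KEY = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InProcServer32$")
STS_KEY = r"\Explorer\SharedTaskScheduler"

# The export as it appears in the log above (same text before and after the fix).
PAGE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
'''

# Constructed "before" export: the page's entries plus one made-up entry (not from the log).
CONSTRUCTED_BEFORE = PAGE_EXPORT + r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{00000000-0000-0000-0000-000000000001}"="constructed entry"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32]
@="C:\WINNT\System32\constructed.dll"
'''

def parse_sts(export):
    """Map each CLSID (upper-cased) to its SharedTaskScheduler label and InProcServer32 DLL."""
    entries, key = {}, None
    for line in map(str.strip, export.splitlines()):
        m, v = SECTION.match(line), VALUE.match(line)
        if m:
            key = m.group(1)          # remember which registry key the next values belong to
        elif v and key:
            clsid = CLSID_KEY.search(key)
            if key.endswith(STS_KEY) and v["name"]:
                entries.setdefault(v["name"].upper(), {})["label"] = v["data"]
            elif clsid and v["default"]:
                entries.setdefault(clsid[1].upper(), {})["dll"] = v["data"].lower()
    return entries

def compare(before, after):
    """Report what changed between two parsed exports, and entries with no DLL resolved."""
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "changed": sorted(k for k in set(before) & set(after) if before[k] != after[k]),
        "no_dll": sorted(k for k, e in after.items() if "dll" not in e),
    }
```

For the two exports in this log, `compare` returns empty lists: the registry repair step left SharedTaskScheduler exactly as it found it.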
     
  9. -kemisti-

  10. PatHL

    Kemisti --

    Strange. I followed the instruction (from the link you sent me), but my "Program Files" folder has no trace of the Crystals media folder. Indeed, I did a search for that folder name on my entire HD, but couldn't find it anywhere.

    What am I doing wrong?

    -- PatHL.
     
  11. -kemisti-

    Ok, that's just a shortcut. Check your desktop for a crystalys media icon and delete it if found.
     
