Qoologic I can't shake it! Help Please!

Discussion in 'Windows - Virus and spyware problems' started by blksage, May 7, 2006.

  1. blksage

    blksage Member

    I have tried everything to get rid of this bug! It keeps loading sqiqt.exe and ioqmkrw.exe at startup. HJT finds the files, but doesn't delete them, Qoolfind finds them, but when I search for them on the hard drive, they are nowhere to be found.

    Can anyone help?
     
  2. JaPK

    JaPK Regular member

  3. blksage

    blksage Member

    Here Ya Go! Thanks for the help!

    Logfile of HijackThis v1.99.1
    Scan saved at 8:20:19 PM, on 5/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
    C:\WINDOWS\CDProxyServ.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\DropBox\DropBox\DropBox.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
    C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PaperCapture\Server\Roman\Capserve.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Mickey\LOCALS~1\Temp\Rar$EX00.016\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=...104blaJFwnCDmycGBMCTJY6s0psiqX+1TakRiH80zrnQ=
    R3 - URLSearchHook: ScriptInocUI Class - - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sqiqt.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,dmoueol.exe
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: SDWin32 Class - {DE65D61F-D457-4007-9E72-82438E049080} - blank (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [APL] "C:\Program Files\ACT\ACT for Win 7\APL.exe"
    O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [wa7784d9.dll] RUNDLL32.EXE wa7784d9.dll,I2 000c171a0a7784d9
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [w0dcc8b0.dll] RUNDLL32.EXE w0dcc8b0.dll,I2 000c171a00dcc8b0
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1117865780742
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: DateTime - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  4. JaPK

    JaPK Regular member

    Hi again and sorry for the long wait, I've been really busy :)

    Ok, you got some infections....

    Cleaning instructions:

    1. Move HijackThis into its own folder C:\HJT

    2. Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download
    We'll use it later.

    3. Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
    Do NOT run yet.

    4. Download Look2Me-Destroyer -> http://www.atribune.org/ccount/click.php?id=7 and save it on desktop

    5. IMPORTANT: Before continuing, you MUST do the following:

    ->Print this or save as a text file
    ->Click start -> run -> services.msc -> ok
    ->Check that this service is running or its startup type is automatic
    Secondary logon
    ->Disconnect from internet (unplug your network cable)
    ->Close ALL antivirus programs (this is essential!)
    ->Close all windows before continuing.
    ->Double-click Look2Me-Destroyer.exe to run it.
    ->Put a check next to Run this program as a task.
    ->You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
    ->When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
    ->Once it's done scanning, click the Remove L2M button.
    ->You will receive a Done Scanning message, click OK.
    ->When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    ->Your computer will then shut down.
    ->Turn your computer back on.

    If you receive a message from your firewall about this program accessing the internet please allow it.

    If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

    6. Download BFU.zip to your desktop -> http://www.merijn.org/files/bfu.zip
    Then create a new folder named BFU in C:\ and unzip BFU.zip to that folder

    7. Then download qooFix.bat -> http://downloads.subratam.org/Lon/qooFix.bat
    Save it to folder C:\bfu (same folder you installed BFU)

    Close all other windows, including explorer folders.
    Go to C:\bfu and doubleclick the file QooFix.bat
    Choose option 1# (QoolFix autofix) and follow the instructions.
    Be patient, it takes about 5 minutes.

    8. Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked):

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/...
    R3 - URLSearchHook: ScriptInocUI Class - - (no file)
    O2 - BHO: SDWin32 Class - {DE65D61F-D457-4007-9E72-82438E049080} - blank (file missing)
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [wa7784d9.dll] RUNDLL32.EXE wa7784d9.dll,I2 000c171a0a7784d9
    O4 - HKLM\..\Run: [w0dcc8b0.dll] RUNDLL32.EXE w0dcc8b0.dll,I2 000c171a00dcc8b0
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: DateTime - C:\WINDOWS\

    9. Restart your computer in Safe Mode -> http://www.pchell.com/support/safemode.shtml

    10. Use the Windows "search" function
    -> Start
    -> Search
    -> All files and folders
    -> More advanced options

    Checkmark these options:
    - "Search system folders"
    - "Search hidden files and folders"
    - "Search subfolders"

    ->Search for this and delete if found: winlog.exe
    ->Search for this and delete if found: wa7784d9.dll
    ->Search for this and delete if found: w0dcc8b0.dll

    11. Run ATF Cleaner -> Check select all -> Press Empty selected

    12. Scan and clean your computer with Ewido and save the log file.

    13. Restart your computer normally, make your hidden files invisible again

    14. Download F-Secure Blacklight to your desktop -> http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe

    Run a scan with Blacklight, a log named fsbl**********.log will appear on your desktop.
    Do NOT rename/remove anything with Blacklight yet.

    15. Post the following logs here:
    -> a fresh HijackThis log
    -> Ewido's log
    -> C:\Look2Me-Destroyer.txt
    -> contents of fsbl**********.log (from your desktop)
     
    Last edited: May 9, 2006
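
An added example (not part of the posts above, and not HijackThis's own logic): a small triage script for the autostart sections of a HijackThis log, run here over lines copied from the first log in this thread. The three checks are heuristics assumed for this sketch; they produce candidates for review, not verdicts.

```python
import ntpath
import re

# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sqiqt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,dmoueol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [wa7784d9.dll] RUNDLL32.EXE wa7784d9.dll,I2 000c171a0a7784d9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: DateTime - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "R0 - ...", "F2 - ...", "O23 - ..." and so on; process-list lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Unquoted program paths may contain spaces, so cut at the first executable extension.
PROGRAM_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def parse_entries(text):
    """Return (section_code, body) for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def split_command(cmd):
    """Split a Run value into (program, arguments), honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = PROGRAM_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def check_f2(body):
    """Heuristic: Shell/UserInit should name only explorer.exe / userinit.exe."""
    m = re.search(r"(Shell|UserInit)=(.*)$", body, re.I)
    if not m:
        return None
    expected = {"shell": "explorer.exe", "userinit": "userinit.exe"}[m.group(1).lower()]
    values = [v.strip() for v in m.group(2).split(",") if v.strip()]
    # Only the file name is compared, so a look-alike in another folder passes.
    extras = [v for v in values if ntpath.basename(v).lower() != expected]
    if extras:
        return "extra program(s) in %s: %s" % (m.group(1), ", ".join(extras))
    return None


def check_o4(body):
    """Heuristic: flag Run values that start a program or DLL given without a path."""
    m = re.match(r"^(.*?): \[(.*?)\] (.*)$", body)
    if not m:
        return None  # Startup-folder .lnk entries use a different layout
    program, rest = split_command(m.group(3))
    if ntpath.basename(program).lower() == "rundll32.exe":
        dll = rest.split(",")[0].strip().strip('"')
        if dll and not ntpath.dirname(dll):
            return "rundll32 loads a DLL given without a path: " + dll
        return None
    if not ntpath.dirname(program):
        return "program given without a path: " + program
    return None


def check_o20(body):
    """Heuristic: a Winlogon Notify entry should point at a DLL file."""
    m = re.match(r"^Winlogon Notify: (.*?) - (.*)$", body)
    if m and not m.group(2).lower().endswith(".dll"):
        return "notify entry %s has no DLL file: %s" % (m.group(1), m.group(2))
    return None


CHECKS = {"F2": check_f2, "O4": check_o4, "O20": check_o20}


def triage(text):
    """Return (section_code, reason) for every entry a heuristic flags."""
    findings = []
    for code, body in parse_entries(text):
        check = CHECKS.get(code)
        reason = check(body) if check else None
        if reason:
            findings.append((code, reason))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```
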
  5. blksage

    blksage Member

    Followed directions, here are the logs! Thank you so much!

    S.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:27:16 AM, on 5/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\DropBox\DropBox\DropBox.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
    C:\WINDOWS\CDProxyServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
    C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sqiqt.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,dmoueol.exe
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [APL] "C:\Program Files\ACT\ACT for Win 7\APL.exe"
    O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [byueth] C:\WINDOWS\system32\chqmtj.exe reg_run
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [xvcgu] C:\WINDOWS\system32\chqmtj.exe reg_run
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1117865780742
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 12:17:51 AM, 5/10/2006
    + Report-Checksum: 69D523E6

    + Scan result:

    :mozilla.709:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.710:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.711:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.712:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.713:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.714:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.715:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.716:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.717:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.718:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.719:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.723:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
    :mozilla.733:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.737:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.738:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.795:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.796:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.797:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.798:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.801:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.802:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.803:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.804:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.805:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.806:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.807:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.808:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.809:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.810:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.820:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
    :mozilla.823:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
    :mozilla.839:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adtrak : Cleaned with backup
    :mozilla.840:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Adtrak : Cleaned with backup
    :mozilla.849:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    :mozilla.925:C:\Documents and Settings\Mickey\Application Data\Mozilla\Firefox\Profiles\lw7kimlv.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Mickey\Local Settings\Temporary Internet Files\Content.IE5\UTVN46KC\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup
    C:\keyboard17.exe -> Downloader.VB.aci : Cleaned with backup
    C:\LottoFun.exe -> Dropper.Agent.hl : Cleaned with backup
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup
    C:\Program Files\ComPlus Applications\womeveq.dll -> Downloader.Small.ctp : Cleaned with backup
    C:\Program Files\Windows Media Player\wwmsetsdk.exe -> Adware.Agent : Cleaned with backup
    C:\WINDOWS\mousepad17.exe -> Downloader.VB.aci : Cleaned with backup
    C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINDOWS\SYSC00.ex$ -> Trojan.VB.tg : Cleaned with backup
    C:\WINDOWS\system32\explorer.exe -> Downloader.Small.cts : Cleaned with backup
    C:\WINDOWS\system32\hdaiyfg.vxd -> Trojan.Painwin.a : Cleaned with backup
    C:\WINDOWS\system32\repairs303169584.dll -> Adware.Surfside : Cleaned with backup
    C:\WINDOWS\system32\rwinkqaf.exe -> Adware.ZenoSearch : Cleaned with backup
    C:\WINDOWS\system32\s_install_ID8.exe -> Downloader.Small.aav : Cleaned with backup
    C:\WINDOWS\system32\unpack.exe -> Trojan.Painwin.a : Cleaned with backup


    ::Report End


    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 5/9/2006 11:20:11 PM


    Attempting to delete infected files...

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FADAE73F-108F-434E-987C-3EBFF0966322}"
    HKCR\Clsid\{FADAE73F-108F-434E-987C-3EBFF0966322}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded


    05/10/06 00:22:28 [Info]: BlackLight Engine 1.0.36 initialized
    05/10/06 00:22:28 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    05/10/06 00:22:28 [Note]: 7019 4
    05/10/06 00:22:28 [Note]: 7005 0
    05/10/06 00:22:33 [Note]: 7006 0
    05/10/06 00:22:33 [Note]: 7011 1864
    05/10/06 00:22:33 [Note]: 7026 0
    05/10/06 00:22:34 [Note]: 7026 0
    05/10/06 00:22:41 [Note]: FSRAW library version 1.7.1015
    05/10/06 00:26:21 [Note]: 2000 1006
    05/10/06 00:26:31 [Note]: 7007 0
     
  6. aabbccdd

    aabbccdd Guest

    Here's mine, how's it look?

    Logfile of HijackThis v1.99.1
    Scan saved at 4:22:22 AM, on 5/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOGUARD.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    C:\PROGRAM FILES\SLYSOFT\ANYDVD\ANYDVD.EXE
    C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
    C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\Program Files\WinPortrait\floater.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
    C:\Documents and Settings\Led Zeppelin\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
     
    Last edited by a moderator: May 10, 2006
  7. JaPK

    JaPK Regular member

    @blksage

    Ok good, let's clean the leftovers:

    Fix the following entries with HijackThis:

    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sqiqt.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,dmoueol.exe
    O4 - HKLM\..\Run: [byueth] C:\WINDOWS\system32\chqmtj.exe reg_run
    O4 - HKCU\..\Run: [xvcgu] C:\WINDOWS\system32\chqmtj.exe reg_run

    Make your hidden files visible and delete this folder:
    C:\Program Files\AWS

    Make your hidden files invisible and post a fresh HijackThis log here.

    ---------------------------------------------------------
    @aabbccdd

    Ok, that Trend Micro software is just a firewall, right?

    Your log is clean, just a few leftovers. Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     
    Last edited: May 10, 2006
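An added example, not part of the original thread: the check behind the fix list above, written as a small HijackThis log filter. It assumes a default Windows XP install in C:\WINDOWS (Shell=Explorer.exe, UserInit pointing at system32\userinit.exe); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines quoted from the fix list above, plus two ordinary Run entries from
# the second poster's log for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sqiqt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,dmoueol.exe
O4 - HKLM\..\Run: [byueth] C:\WINDOWS\system32\chqmtj.exe reg_run
O4 - HKCU\..\Run: [xvcgu] C:\WINDOWS\system32\chqmtj.exe reg_run
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Assumed XP defaults. Values are compared in full, not by file name: the
# ewido log in this thread flagged C:\WINDOWS\system32\explorer.exe, so a
# file called explorer.exe in the wrong folder must not pass.
ALLOWED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe", "userinit.exe"},
}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def split_values(value):
    """Split a comma-separated Shell/UserInit value into non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def run_target(command):
    """Return the executable of a Run command line, lower-cased, no arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    match = re.match(r"(.+?\.exe)\b", command, re.I)
    return (match.group(1) if match else command).lower()


def analyze(log_text):
    """Return (kind, details) findings for F2 and O4 lines of a HijackThis log."""
    findings = []
    run_entries = defaultdict(list)  # target path -> [(hive, value name)]
    for line in log_text.splitlines():
        line = line.strip()
        match = F2_RE.match(line)
        if match:
            key = match.group(1).lower()
            extras = [item for item in split_values(match.group(2))
                      if item.lower() not in ALLOWED[key]]
            if extras:
                findings.append((key, extras))
            continue
        match = O4_RE.match(line)
        if match:
            hive, name, command = match.groups()
            run_entries[run_target(command)].append((hive, name))
    # One executable registered under several different value names is the
    # pattern seen with chqmtj.exe in the fix list.
    for target, registrations in run_entries.items():
        names = {name for _, name in registrations}
        if len(names) > 1:
            findings.append(("run-duplicate", [target] + sorted(names)))
    return findings


if __name__ == "__main__":
    for kind, details in analyze(SAMPLE_LOG):
        print(kind, details)
```

Only F2 and O4 lines are examined; O20, O23 and the other sections of a log still need to be read by hand.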
  8. aabbccdd

    aabbccdd Guest

    I have Trend Micro PC-cillin Internet Security 2006.

    Thanks for the info. I checked and deleted them but I don't think it's fixed; here's a fresh log. The insightbb.com is my homepage though.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:05:53 PM, on 5/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOGUARD.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    C:\PROGRAM FILES\SLYSOFT\ANYDVD\ANYDVD.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\WinPortrait\floater.exe
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\Documents and Settings\Led Zeppelin\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     
    Last edited by a moderator: May 10, 2006
  9. JaPK

    JaPK Regular member

    @aabbccdd

    Ok, that entry wasn't whole in your first log but it is ok now.

    You seem to have two antiviruses running at the same time, Trend Micro and avast. (The Trend Micro is an internet security version; it includes firewall & antivirus.)

    Running two antiviruses at the same time is not recommended (might cause freezes, slowdowns etc.).

    You should either disable Trend Micro's antivirus from its settings or remove avast through Control Panel -> Add/Remove Programs. (If you decide to remove the whole Trend Micro software, you should install a new firewall too.)
     
    Last edited: May 10, 2006
  10. aabbccdd

    aabbccdd Guest

    Yeah, I am going to uninstall the avast; my IE got hijacked early last week so I was trying different programs.

    My Trend Micro is quarantining this TROJ_ZLOB.NU but my system seems to be running fine, am I ok?

    Thanks for the help.
     
    Last edited by a moderator: May 10, 2006
  11. JaPK

    JaPK Regular member

    Ok, let's see if you're clean:

    Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Unzip it (folder named SmitFraudFix) to your desktop:

    Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
    Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

    Post the contents of this textfile here.

    (Some antiviruses recognise process.exe as malware. It is not malware, it is a program that stops processes.)
     
  12. aabbccdd

    aabbccdd Guest

    I open it and don't see an option 1. This is what I am getting: it says press any key, and after I press a key it (the box) disappears. Does this mean I am clean?

    [IMG]
     
    Last edited by a moderator: May 10, 2006
  13. JaPK

    JaPK Regular member

    Ok, your antivirus seems to remove this process.exe file (it thinks that it is malware).

    Did you get any warning about this process.exe file when you downloaded the smitfraudfix.zip? If you got one, you should download smitfraudfix again and this time, allow it.
     
  14. aabbccdd

    aabbccdd Guest

    I have tried it 20 times, that's all I get. I will post some screenshots later. I am not going to turn off the Trend Micro to do it since I've had too many problems; I am going to re-format in a month or so anyway.
     
    Last edited by a moderator: May 11, 2006
  15. JaPK

    JaPK Regular member

    Ok it doesn't work because it is missing a component (process.exe file).

    But Trend Micro has probably deleted that trojan infection...

    You could update your Ewido and run a scan with it, save the log and post it here when ready.
     
  16. aabbccdd

    aabbccdd Guest

    Trend Micro is quarantining the virus TROJ_ZLOB.NU, NOT cleaning it. The Ewido comes up clean on a scan.
     
  17. JaPK

    JaPK Regular member

    Ok good, are you having any other problems?
     
  18. aabbccdd

    aabbccdd Guest

    Everything seems to be running fine, other than I have lost 2 gigs of hard drive space for no reason. Running "Necrofile" now to see if I can get it back, will let you know. Thanks for the help.
     
  19. JaPK

    JaPK Regular member

    You're welcome :)
     
  20. aabbccdd

    aabbccdd Guest

    JaPK, I can't seem to boot into safe mode without crashing Windows to do it lol. When I finally got into safe mode I did a couple of scans; ewido came up clean but Spy Sweeper came up with trojan agent winlogon hook. Is this stuff reinstalling when I reboot? And can I get rid of all this stuff for good without reformatting? Here's a fresh HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:17:32 AM, on 5/13/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOGUARD.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
    C:\PROGRAM FILES\SLYSOFT\ANYDVD\ANYDVD.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\WinPortrait\floater.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\Documents and Settings\Led Zeppelin\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
     
    Last edited by a moderator: May 13, 2006
