I found the file thats been causing Windows Explorer, however when ever I try to delete the file the explorer automatically crashes. Ive tried running ati-virus programs, but they frezze whenever they scan the file.
Logfile of HijackThis v1.99.1 Scan saved at 7:38:47 AM, on 09/17/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\BitLord\BitLord.exe C:\Program Files\Opera\Opera.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Paul Nauman\Desktop\HijackThis_v1.99.1.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assis...leftnav&utm_source=&utm_medium=&utm_campaign= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vgcats.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac R3 - URLSearchHook: (no name) - <default> - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [df94cf61.exe] C:\WINDOWS\system32\df94cf61.exe O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\Documents and Settings\Paul Nauman\Local Settings\Temporary Internet Files\Content.IE5\O1UV8TE3\WinAntiVirusPro2006FreeInstall[1].exe" -nag O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon O4 - HKLM\..\Run: [dmunv.exe] C:\WINDOWS\system32\dmunv.exe O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140187251000 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149288456140 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{507B3355-8052-4535-A92F-1B235D2CC368}: NameServer = 85.255.115.2,85.255.112.6 O17 - HKLM\System\CCS\Services\Tcpip\..\{A7C4B920-A379-4F38-AFAE-7220D646F9FE}: NameServer = 85.255.115.2,85.255.112.6 O17 - HKLM\System\CCS\Services\Tcpip\..\{B4079CE4-1C16-452D-9929-E1892075D6C6}: NameServer = 85.255.115.2,85.255.112.6 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
download FixWareout http://downloads.subratam.org/Fixwareout.exe Run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed. ) Check these with HJT and click Fix checked [bold]O17 - HKLM\System\CCS\Services\Tcpip\..\{507B3355-8052-4535-A92F-1B235D2CC368}: NameServer = 85.255.115.2,85.255.112.6 O17 - HKLM\System\CCS\Services\Tcpip\..\{A7C4B920-A379-4F38-AFAE-7220D646F9FE}: NameServer = 85.255.115.2,85.255.112.6 O17 - HKLM\System\CCS\Services\Tcpip\..\{B4079CE4-1C16-452D-9929-E1892075D6C6}: NameServer = 85.255.115.2,85.255.112.6 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6 [/bold] If you have connection problems after this * Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step . · Double-click the Network Connections icon · Right-click the Local Area Connection icon and select Properties. · Hilight Internet Protocol (TCP/IP) and click the Properties button. · Be sure Obtain DNS server address automatically is selected. · OK your way out. * Go to Start > Run and type in cmd · Click OK. · This will open a commad prompt. · Type or copy and paste the following line in the command window: ipconfig /flushdns · Hit Enter · Exit the command window Do that before you restart. Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.
That fix it. Thx for the Help,Ill post the report here anyways: Fixwareout ver 1.003 Last edited 8/11/2006 Post this report in the forums please Reg Entries that were deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}76D3F77125A8-F1AA-0434-87C2-4BBE7039{ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8E006B076679-BFBA-A9D4-7015-1A9A1C93{ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\vnumd HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1trap HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\2trap ... Microsoft (R) Windows Script Host Version 5.6 Random Runs removed from HKLM "dmunv.exe"=- ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... * csr.exe C:\WINDOWS\System32\CSPSG.EXE »»»»» Search five digit cs, dm and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal C:\WINDOWS\SYSTEM32\CSPSG.EXE 51,277 2006-07-19 C:\WINDOWS\SYSTEM32\DMUNV.EXE 61,974 2004-08-04 Other suspects. Directory of C:\WINDOWS\system32 »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool.
Logfile of HijackThis v1.99.1 Scan saved at 10:58:03 PM, on 09/17/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe C:\WINDOWS\system32\qttask.exe C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\Program Files\BitLord\BitLord.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Apex\Apex Video Converter Free\ApexVideoConvertFree.exe C:\Program Files\Google\Web Accelerator\googlewebaccwarden.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Paul Nauman\Desktop\HijackThis_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vgcats.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\Documents and Settings\Paul Nauman\Local Settings\Temporary Internet Files\Content.IE5\O1UV8TE3\WinAntiVirusPro2006FreeInstall[1].exe" -nag O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
go to Start - My computer Double click local disk C and create a folder inside called "HJT" Find your hijack this.exe here: C:\Documents and Settings\Paul Nauman\Desktop\HijackThis_v1.99.1.exe right click it and and rename it "scan.exe" Then move into the folder you have created so it will be this: C:\HJT\scan.exe Hijackthis needs a safe folder for backups and the reason for renaming is because it looks as if you have an infection that is hiding entries Post a new log from the newly named tool.
Logfile of HijackThis v1.99.1 Scan saved at 9:07:45 AM, on 09/18/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe C:\WINDOWS\system32\qttask.exe C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\Program Files\BitLord\BitLord.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Apex\Apex Video Converter Free\ApexVideoConvertFree.exe C:\Program Files\Google\Web Accelerator\googlewebaccwarden.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\system32\DllHost.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Opera\Opera.exe C:\HJT\scan.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vgcats.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\Documents and Settings\Paul Nauman\Local Settings\Temporary Internet Files\Content.IE5\O1UV8TE3\WinAntiVirusPro2006FreeInstall[1].exe" -nag O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Download Ewido Anti-Spyware http://www.ewido.net/en/download/ · Install and run ewido · Click Scanner · select the "Settings" tab. · Once in the Settings screen click on "Recommended actions" and then select "Delete". · Select "Automatically generate report after every scan" · UnSelect "Only if threats were found" · Click Complete System Scan and the scan will begin. · When the scan is finished, Set all items to delete · Click Apply all actions · Click the Save report button. · Save the report to your C: Drive Reboot Run ActiveScan online virus scan: http://www.pandasoftware.com/products/activescan.htm When the scan is finished, save the results from the scan! Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
Incident Status Location Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Paul Nauman\Application Data\Registry Cleaner Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_local_machine\software\WinAntiVirus Pro 2006 Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt[.advertising.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt[.as-eu.falkag.net/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt[counter.hitslink.com/] Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt[.offeroptimizer.com/] Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt[.belnk.com/] Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@888[1].txt Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@888[2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@adrevolver[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@belnk[1].txt Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@cassava[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@dist.belnk[2].txt Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@malwarewipe[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@statcounter[2].txt Spyware:Cookie/SecurityError Not disinfected C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@www.systemuptodate[2].txt Virus:Trj/Ruins.MB Disinfected C:\WINDOWS\system32\dmunv.exe --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 1:46:50 PM 09/18/2006 + Scan result: HKU\S-1-5-21-235113891-561637946-2390752385-1006\Software\Classes\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1} -> Adware.Generic : Cleaned. HKU\S-1-5-21-235113891-561637946-2390752385-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} -> Adware.Generic : Cleaned. HKU\S-1-5-21-235113891-561637946-2390752385-1006_Classes\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1} -> Adware.Generic : Cleaned. C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned. HKU\S-1-5-21-235113891-561637946-2390752385-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned. C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned. C:\WINDOWS\system32\cspsg.exe -> Downloader.Agent.uj : Cleaned. :mozilla.148:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.149:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.150:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.151:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.152:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.153:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.154:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.155:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.156:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.157:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.158:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.159:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.160:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.161:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.162:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.163:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.164:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.165:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.166:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.167:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.168:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.169:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.170:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.171:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.172:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.173:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.322:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.592:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.658:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.679:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.700:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.727:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.758:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. :mozilla.291:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned. :mozilla.292:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned. :mozilla.293:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned. :mozilla.294:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned. :mozilla.295:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned. :mozilla.296:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned. :mozilla.297:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned. :mozilla.298:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned. :mozilla.222:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.223:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.224:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.468:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.944:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.336:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned. :mozilla.557:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.558:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned. :mozilla.337:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned. :mozilla.242:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.243:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.244:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.248:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.249:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.250:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.251:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.252:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.900:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.901:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.29:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.30:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.31:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.32:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.33:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.21:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.730:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Bfast : Cleaned. :mozilla.348:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned. :mozilla.876:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.877:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.95:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned. :mozilla.100:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.101:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.98:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.99:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.22:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.23:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.24:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.25:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.511:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned. :mozilla.807:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned. :mozilla.911:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned. :mozilla.912:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned. :mozilla.340:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.731:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned. :mozilla.732:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned. :mozilla.814:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.470:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.471:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.472:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.473:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.370:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned. :mozilla.35:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.879:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.219:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.220:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.263:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.264:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.265:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.266:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.267:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.66:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.68:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.70:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.73:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.74:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.75:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.504:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.509:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.512:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.834:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.835:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.92:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.935:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.93:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.94:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.615:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned. :mozilla.616:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned. :mozilla.617:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned. :mozilla.618:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned. :mozilla.361:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned. :mozilla.51:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned. :mozilla.52:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned. :mozilla.363:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.364:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.365:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.506:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.507:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.722:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.723:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.913:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.914:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.440:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned. :mozilla.14:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.15:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.652:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned. :mozilla.653:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned. :mozilla.654:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned. :mozilla.117:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.118:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.135:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.136:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.137:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.138:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.282:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned. :mozilla.283:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned. :mozilla.190:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.191:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.192:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.973:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned. :mozilla.810:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Revenue : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned. :mozilla.349:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.350:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.351:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.352:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.353:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.354:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.355:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.424:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.425:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.426:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.427:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.428:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.563:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.564:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.565:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.566:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.567:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.568:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.569:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.570:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.571:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.572:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.573:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.574:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.575:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.576:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.577:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.578:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.579:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.580:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.581:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.582:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned. :mozilla.253:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned. :mozilla.254:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned. :mozilla.255:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned. :mozilla.256:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned. :mozilla.257:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned. :mozilla.258:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned. :mozilla.867:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.868:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned. :mozilla.811:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.360:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Spylog : Cleaned. :mozilla.434:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.435:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.436:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.437:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.438:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.102:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.103:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.104:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.221:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.794:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned. :mozilla.878:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned. :mozilla.194:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.195:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.196:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.197:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.198:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.199:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.200:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.76:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.761:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.762:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.763:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.764:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.765:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.766:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.559:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.560:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.503:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned. :mozilla.505:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned. :mozilla.374:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.968:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Xhit : Cleaned. :mozilla.123:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.124:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.125:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.126:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Paul Nauman\Cookies\paul nauman@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.341:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.342:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.343:C:\Documents and Settings\Paul Nauman\Application Data\Mozilla\Firefox\Profiles\2a2saiyt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned. C:\WINDOWS\system32\1024\ld2D7.tmp -> Trojan.Small : Cleaned. ::Report end Logfile of HijackThis v1.99.1 Scan saved at 6:07:21 PM, on 09/18/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\Program Files\Sony\SonicStage\SsAAD.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\BitLord\BitLord.exe C:\Program Files\Opera\Opera.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Sony\SonicStage\Omgjbox.exe C:\Program Files\Common Files\Sony Shared\AVLib\SsDbConnection.exe C:\HJT\scan.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vgcats.com/ O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\Documents and Settings\Paul Nauman\Local Settings\Temporary Internet Files\Content.IE5\O1UV8TE3\WinAntiVirusPro2006FreeInstall[1].exe" -nag O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
rescan with Hijackthis and check this, make sure all browser are closed and click Fix checked O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\Documents and Settings\Paul Nauman\Local Settings\Temporary Internet Files\Content.IE5\O1UV8TE3\WinAntiVirusPro2006FreeInstall[1].exe" -nag DownLoad http://www.downloads.subratam.org/KillBox.zip Copy these instructions to Notepad for safe mode. Restart your computer into safe mode now. (keep tapping F8 on startup) Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the X button after you enter each file. It will ask for confimation to delete the file. Click Yes. Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. c:\windows\system32\ot.ico C:\Documents and Settings\Paul Nauman\Local Settings\Temporary Internet Files\Content.IE5\O1UV8TE3 post another hijackthis log
Logfile of HijackThis v1.99.1 Scan saved at 4:56:04 PM, on 09/19/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\Program Files\BitLord\BitLord.exe C:\Program Files\Opera\Opera.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\HJT\scan.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vgcats.com/ O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\Documents and Settings\Paul Nauman\Local Settings\Temporary Internet Files\Content.IE5\O1UV8TE3\WinAntiVirusPro2006FreeInstall[1].exe" -nag O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Open Notepad. copy and paste all the text [bold]inside[/bold] the quote box below , Paste into Notepad and save as [bold]newfix.reg[/bold] and save as type "All Files" to your desktop Now double click on newfix.reg on the desktop.When it asks to add to the registry, click yes. Turn off System Restore: click Start. Right-click My Computer, and then click Properties. On the System Restore tab, check Turn off System Restore Click Apply and Ok Turn back on System Restore: click Start. Right-click My Computer, and then click Properties. On the System Restore tab, uncheck Turn off System Restore. Click Apply and Ok This will create a new clean restore point. Let me know if you have any problems after that
